Introduction

DKIM-Filter implements a Sendmail Mail Filter (Milter) for the DomainKeys Identified Mail (DKIM) standard. DKIM provides a way for senders to confirm their identity when sending email by adding a cryptographic signature to the headers of the message.

The dkim-milter implements both signing and verification.

NOTE: Starting with Ubuntu 10.04, dkim-filter is deprecated. Use the opendkim package instead. Configuration is generally similar to dkim-filter, but it is still actively maintained.

Installation

The dkim-filter package is available in the Universe repository. See InstallingSoftware for details on using package managers and enabling repositories.

Configuration

As of Postfix version 2.3 the Sendmail version 8 milter protocol has been supported.

DKIM-Filter

The main configuration options for DKIM-Filter are placed in /etc/dkim-filter.conf. To configure DKIM-Filter to only verify messages edit the file and uncomment the following lines:

Mode                    v
X-Header                yes
On-BadSignature         reject

Note: the X-Header line isn't strictly necessary, but having DKIM-Filter add a line to the message header can help in debugging problems.

After configuring DKIM-Filter start the service:

sudo /etc/init.d/dkim-filter start

Postfix

Now Postfix needs to be configured to filter messages using the DKIM-Filter daemon. To configure Postfix from a terminal enter the following:

sudo postconf -e 'smtpd_milters = inet:localhost:8891'

Then restart Postfix to enable the new configuration:

sudo /etc/init.d/postfix restart

Troubleshooting

The best way to figure out problems with Postfix is to check the log files. Using the tail command you can see new log messages in real time:

tail -f /var/log/mail.log

Another way to make sure DKIM-Filter is working correctly is to enable the X-Header option as noted above. You will then be able to see the DKIM authentication results.

Note: this guide has been tested on Ubuntu 7.10 (Gutsy Gibbon).