雑記帳

FreeBSDで稼働するpostfix+bindの環境にDKIMを導入する。

まずはpkgコマンドでOpenDKIMを導入する。

root@fbsd:~ # pkg search opendkim
opendkim-2.10.3_16             DKIM library and milter implementation
p5-Mail-OpenDKIM-4204          Perl interface to OpenDKIM C library
root@fbsd:~ # pkg install opendkim
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        libsodium: 1.0.18
        lua54: 5.4.6
        opendkim: 2.10.3_16
        unbound: 1.18.0_1

Number of packages to be installed: 4

The process will require 12 MiB more space.
3 MiB to be downloaded.

Proceed with this action? [y/N]: y

[1/4] Fetching unbound-1.18.0_1.pkg: 100%    2 MiB   2.3MB/s    00:01
[2/4] Fetching lua54-5.4.6.pkg: 100%  291 KiB 298.3kB/s    00:01
[3/4] Fetching opendkim-2.10.3_16.pkg: 100%  288 KiB 295.4kB/s    00:01
[4/4] Fetching libsodium-1.0.18.pkg: 100%  161 KiB 164.4kB/s    00:01
Checking integrity... done (0 conflicting)
[1/4] Installing libsodium-1.0.18...
[1/4] Extracting libsodium-1.0.18: 100%
[2/4] Installing unbound-1.18.0_1...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[2/4] Extracting unbound-1.18.0_1: 100%
[3/4] Installing lua54-5.4.6...
[3/4] Extracting lua54-5.4.6: 100%
[4/4] Installing opendkim-2.10.3_16...
[4/4] Extracting opendkim-2.10.3_16: 100%
=====
Message from opendkim-2.10.3_16:

--
In order to run this port, write your opendkim.conf and:

if you use sendmail, add the milter socket `socketspec' in
/etc/mail/<your_configuration>.mc:

INPUT_MAIL_FILTER(`dkim-filter', `S=_YOUR_SOCKET_SPEC_, F=T, T=R:2m')

or if you use postfix write your milter socket `socketspec' in
/usr/local/etc/postfix/main.cf:

smtpd_milters = _YOUR_SOCKET_SPEC_

And to run the milter from startup, add milteropendkim_enable="YES" in
your /etc/rc.conf.
Extra options can be found in startup script.

Note: milter sockets must be accessible from postfix/smtpd;
  using inet sockets might be preferred.
root@fbsd:~ #

次に/etc/rc.confに下行を追加

milteropendkim_enable="YES"

インストールされる/usr/local/etc/mail/opendkim.confはいささか長いので、
opendkim.conf.orgとかに退避。下記を貼り付けた。
(ドメイン名はインストール先の環境に合わせること)

# vi /usr/local/etc/mail/opendkim.conf
Canonicalization        simple/simple
Domain                  example.jp
KeyFile                 /var/db/dkim/example.jp.private
LogWhy                  yes
Mode                    sv
ReportAddress           "DKIM Error Postmaster" <postmaster@example.jp>
Selector                example.jp
SendReports             yes
Socket                  inet:8891@localhost
SubDomains              yes
Syslog                  Yes
SyslogSuccess           yes
UMask                   002

次に/etc/groupを編集。mailnullにpostfixを追加する

mailnull:*:26:postfix

postfixのmain.cfに下記を追加

# mail filter
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept

OpenDKIMを起動するとともにPostfixとnamedbを再起動する。

kill -HUP `cat /var/run/named/pid `
postfix reload
/usr/local/etc/rc.d/milter-opendkim start

googleにメールして、DKIMが有効になっていることを確認する。