# Postfix with Domain Key - Test request

## langthang

postfix-2.3.0 supports Domain Key signing. To enable it, do the following (assuming you have your own mail/DNS server already set up):

```
# echo =mail-mta/postfix-2.3.0 >> /etc/portage/package.unmask
# echo =mail-filter/libmilter-8.13.7 >> /etc/portage/package.unmask
# echo =mail-filter/dk-milter-0.4.1 >> /etc/portage/package.unmask
# emerge postfix dk-milter
# gentxt.sh domainkey1 mydomain.example > bind.txt.record
# cat bind.txt.record >> /etc/bind/pri/mydomain.example # assumed this is your zone file
# rndc reload
$ dig +short domainkey1._domainkey.mydomain.example TXT # to check TXT record
# mv domainkey1.private /etc/mail/dk-filter
# chown milter:milter /etc/mail/dk-filter/domainkey1.private
# chmod 400 /etc/mail/dk-filter/domainkey1.private
# sed -i -e 's:SELECTOR="domainkey":SELECTOR="domainkey1":' /etc/conf.d/dk-filter # set SELECTOR to the one you used above when running gentxt.sh
# sed -i -e 's:DOMAIN="example.com":DOMAIN="mydomain.example":' /etc/conf.d/dk-filter # set DOMAIN to mydomain.example
# /etc/init.d/dk-filter start
# postconf -e smtpd_milters=inet:localhost:8025
# /etc/init.d/postfix restart
```

Send a test email to sa-test@sendmail.net or autorespond+dk@dk.elandsys.com to test.

Suggestions to improve the ebuild are welcome.

----------

## steveb

Where do you generate domainkey1.private? I only see that you move it to /etc/mail/dk-filter, but not that you create it.

cheers

SteveB

----------

## langthang

```
# gentxt.sh domainkey1 mydomain.example > bind.txt.record
```

generates the key domainkey1.private in the current directory and redirects the output to bind.txt.record for later use. You don't have to do "> bind.txt.record", but then you have to copy & paste the output to your zone file later.

HTH

----------

## steveb

*langthang wrote:*

> ```
> # gentxt.sh domainkey1 mydomain.example > bind.txt.record
> ```
> ...

Would it not be better to redirect it directly to domainkey1.private instead of bind.txt.record? Because if I followed your instructions, then:

```
# echo =mail-mta/postfix-2.3.0 >> /etc/portage/package.unmask
# echo =mail-filter/libmilter-8.13.7 >> /etc/portage/package.unmask
# echo =mail-filter/dk-milter-0.4.1 >> /etc/portage/package.unmask
# emerge postfix dk-milter
# gentxt.sh domainkey1 mydomain.example > bind.txt.record
# cat bind.txt.record >> /etc/bind/pri/mydomain.example # assumed this is your zone file
# rndc reload
# dig +short domainkey1._domainkey.mydomain.example TXT # to check TXT record
# mv domainkey1.private /etc/mail/dk-filter
```

On the line above, I would get an error.

```
# chown milter:milter /etc/mail/dk-filter/domainkey1.private
# chmod 400 /etc/mail/dk-filter/domainkey1.private
# sed -i -e 's:SELECTOR="domainkey":SELECTOR="domainkey1":' /etc/conf.d/dk-filter # set SELECTOR to the one you used above when running gentxt.sh
# sed -i -e 's:DOMAIN="example.com":DOMAIN="mydomain.example":' /etc/conf.d/dk-filter # set DOMAIN to mydomain.example
# /etc/init.d/dk-filter start
# postconf -e smtpd_milters=inet:localhost:8025
# /etc/init.d/postfix restart
```

cheers

SteveB

----------

## langthang

I guess I wasn't clear in explaining what `gentxt.sh domainkey1 mydomain.example > bind.txt.record` does. gentxt.sh generates a domainkey1.private private key file and outputs some text that you put in your zone file for the TXT record. I have it redirected to bind.txt.record so we can append it to the zone file later with `cat bind.txt.record >> /etc/bind/pri/mydomain.example`.

If you run gentxt.sh without ">", you will see something like:

```
$ gentxt.sh mykey mydomain.example
mykey._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMHF2C5kxQ47QfhcG19IZ1wMNC9YFOMvdv+J9D4uq7EU2lVfI/Ftl0nyRS052jftyYNHb3DFeVJkh1WHWnDIllkCAwEAAQ==" ; ----- DomainKey mykey for mydomain.example
$ ls -l mykey.private
-rw-r--r-- 1 tvan users 497 2006-08-22 21:38 mykey.private
$ cat mykey.private
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIABAJBAMHF2C5kxQ47QfhcG19IZ1wMNC9YFOMvdv+J9D4uq7EU2lVfI/Ft
l0nyRS052jftyYNHb3DFeVJkh1WHWnDIllkTXwEAAQJBAIVC2fS2CqtJ54m1VoHF
2od8QRtaOSswxmbhah6lnCAwYgzH5FI/Q5+5g/emPpl/YgZTnM9rG/2Smm9BnjDH
EYECIQD3wwwEuKu6dk6a1OBbqy/+8xv1mshGtkbsnocd/kujCQIhAMg3PeDiO0tk
aghuouxLCTwZ0y5Av9onBrhKgK3w95zRAiEAiWXpLFUdJvKk9MhJA40TuNcpEjMc
DdrXyjC/zapQV8ECIERjqj1QyZQ9HoL216wDDYp7/8jC0UXBIuh8emvv7YShAiA6
KPfsLXxC0WTJxrxc4D7HclH62MnKGSP/OAt3tITNAg==
-----END RSA PRIVATE KEY-----
```

If you get an error with `mv domainkey1.private /etc/mail/dk-filter`, then for some reason gentxt.sh didn't generate domainkey1.private.

----------
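
An added example, not part of any post in this thread: a Python audit of the TXT value that gentxt.sh printed in the sample output above, parsing the DomainKeys tags and reading the RSA modulus size out of `p=`. The function names and the 1024-bit threshold are assumptions of this example.

```python
import base64

# Public-key TXT value copied from the gentxt.sh sample output in this thread.
SAMPLE_TXT = ("g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMHF2C5kxQ47Qfhc"
              "G19IZ1wMNC9YFOMvdv+J9D4uq7EU2lVfI/Ftl0nyRS052jftyYNHb3DFeVJkh1WH"
              "WnDIllkCAwEAAQ==")

def parse_tags(txt):
    """Split 'tag=value; tag=value' into a dict, dropping whitespace in values."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(p_b64):
    """Return the RSA modulus size of a base64 SubjectPublicKeyInfo (the p= tag)."""
    der = base64.b64decode(p_b64, validate=True)
    _, spki, _ = read_tlv(der, 0)            # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)            # AlgorithmIdentifier, skipped
    tag, bitstr, _ = read_tlv(spki, pos)     # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("unexpected public key encoding")
    _, rsakey, _ = read_tlv(bitstr, 1)       # RSAPublicKey SEQUENCE
    _, modulus, _ = read_tlv(rsakey, 0)      # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

# min_bits=1024 is an assumed audit threshold for this example, not from the thread.
def audit_record(txt, min_bits=1024):
    """Return (modulus_bits, findings) for one DomainKeys TXT value."""
    tags, findings = parse_tags(txt), []
    if "y" in tags.get("t", ""):
        findings.append("t=y: domain is in testing mode")
    if not tags.get("p"):
        return 0, findings + ["empty p=: key is revoked"]
    bits = rsa_modulus_bits(tags["p"])
    if bits < min_bits:
        findings.append(f"RSA key is {bits} bits, below {min_bits}")
    return bits, findings
```

Run against the value returned by the `dig +short ... TXT` check to confirm what is actually published for the selector.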

## Daivil

I can't get it working with outgoing emails.

Has anyone ever managed to sign outgoing mails?

----------

## JC99

Is there a modern How-to for postfix 2.5.5 and dk-milter 1.0.1 anywhere that specifically instructs how to do domainkeys on Gentoo?

----------

