OpenDKIM (Open Domain Keys Identified Mail).
OpenDKIM (Open Domain Keys Identified Mail) adalah sebuah program Open Source yang digunakan untuk menerapkan verifikasi digital pada email yang dikirim dari sebuah domain.
OpenDKIM membantu mengamankan proses pengiriman email dengan menambahkan tanda tangan digital yang dapat diverifikasi oleh penerima.
Install OpenDKIM di Debian Linux.
1. Login ke dalam Sistem Operasi Debian menggunakan SSH sebagai root.
su
2. Install opendkim dan opendkim-tools.
apt install opendkim opendkim-tools
3. Buat directory (nama-domain-anda) di /etc/dkimkeys/.
mkdir /etc/dkimkeys/openbsd.lynixnetwork.com
4. Generate Private Key dan DKIM Record untuk domain anda.
opendkim-genkey -b 1024 -D /etc/dkimkeys/openbsd.lynixnetwork.com -d openbsd.lynixnetwork.com -s default -v
5. Buat file KeyTable di /etc/dkimkeys/openbsd.lynixnetwork.com.
nano /etc/dkimkeys/openbsd.lynixnetwork.com/KeyTable
default._domainkey.openbsd.lynixnetwork.com openbsd.lynixnetwork.com:default:/etc/dkimkeys/openbsd.lynixnetwork.com/default.private
6. Buat file SigningTable di /etc/dkimkeys/openbsd.lynixnetwork.com.
nano /etc/dkimkeys/openbsd.lynixnetwork.com/SigningTable
*@openbsd.lynixnetwork.com default._domainkey.openbsd.lynixnetwork.com
7. Buat file TrustedHosts di /etc/dkimkeys/openbsd.lynixnetwork.com.
nano /etc/dkimkeys/openbsd.lynixnetwork.com/TrustedHosts
127.0.0.1
192.168.1.11
openbsd.lynixnetwork.com
192.168.1.11
openbsd.lynixnetwork.com
8. Rubah kepemilikan directory /etc/dkimkeys/openbsd.lynixnetwork.com/ secara recursive.
chown -R opendkim:opendkim /etc/dkimkeys/openbsd.lynixnetwork.com/
9. Rubah hak akses file yang berisi Private Key dan DKIM Record.
chmod 640 /etc/dkimkeys/openbsd.lynixnetwork.com/default.*
10. Hapus konfigurasi dasar OpenDKIM.
rm /etc/opendkim.conf
11. Buat baru konfigurasi OpenDKIM.
nano /etc/opendkim.conf
12. Copy paste text berikut kedalam editor nano.
Syslog yes
SyslogSuccess yes
LogWhy Yes
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
#SignatureAlgorithm rsa-sha256
Canonicalization relaxed/simple
Mode sv
#SubDomains no
OversignHeaders From
ExternalIgnoreList refile:/etc/dkimkeys/openbsd.lynixnetwork.com/TrustedHosts
InternalHosts refile:/etc/dkimkeys/openbsd.lynixnetwork.com/TrustedHosts
KeyTable refile:/etc/dkimkeys/openbsd.lynixnetwork.com/KeyTable
SigningTable refile:/etc/dkimkeys/openbsd.lynixnetwork.com/SigningTable
Domain openbsd.lynixnetwork.com
RequireSafeKeys False
Selector default
KeyFile /etc/dkimkeys/openbsd.lynixnetwork.com/default.private
UserID opendkim
UMask 007
#Socket local:/run/opendkim/opendkim.sock
#Socket inet:8891@localhost
Socket inet:8891
#Socket local:/var/spool/postfix/opendkim/opendkim.sock
PidFile /run/opendkim/opendkim.pid
TrustAnchorFile /usr/share/dns/root.key
SyslogSuccess yes
LogWhy Yes
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
#SignatureAlgorithm rsa-sha256
Canonicalization relaxed/simple
Mode sv
#SubDomains no
OversignHeaders From
ExternalIgnoreList refile:/etc/dkimkeys/openbsd.lynixnetwork.com/TrustedHosts
InternalHosts refile:/etc/dkimkeys/openbsd.lynixnetwork.com/TrustedHosts
KeyTable refile:/etc/dkimkeys/openbsd.lynixnetwork.com/KeyTable
SigningTable refile:/etc/dkimkeys/openbsd.lynixnetwork.com/SigningTable
Domain openbsd.lynixnetwork.com
RequireSafeKeys False
Selector default
KeyFile /etc/dkimkeys/openbsd.lynixnetwork.com/default.private
UserID opendkim
UMask 007
#Socket local:/run/opendkim/opendkim.sock
#Socket inet:8891@localhost
Socket inet:8891
#Socket local:/var/spool/postfix/opendkim/opendkim.sock
PidFile /run/opendkim/opendkim.pid
TrustAnchorFile /usr/share/dns/root.key
13. Restart atau start service OpenDKIM.
systemctl restart opendkim
Konfigurasi DKIM di DNS Management Hosting (cPanel atau DirectAdmin).
1. Siapkan DKIM Record hasil Generate opendkim-genkey.
cat /etc/dkimkeys/openbsd.lynixnetwork.com/default.txt
2. Buat record baru di DNS Management Hosting (cPanel atau DirectAdmin) tipe TXT, Key: default._domainkey, Nilai: salin isi dari file default.txt.
3. Validasi DKIM DNS Record dengan tool dari https://mxtoolbox.com.
OpenDKIM - Lynix
April 28, 2024
April 28, 2024