21-Sep-2023 — This article was originally written about 6 years ago for Raspbian Jessie. It has been updated to work with current versions of packages.<\/p>\n\n\n\n
I have a little Libre Computer Le Potato (basically a Raspberry Pi) that has recently become the host for pididu.com . It runs Raspberry Pi OS Bullseye, which is basically Debian linux. Here are the steps I followed to get Sendmail (v. 8.15.2-22) working with Domain Keys Identified Mail (OpenDKIM 2.11.0~beta2-4). I admit that this is something that most people will not need, so feel free to skip this article.<\/p>\n\n\n\n
First, install sendmail:<\/p>\n\n\n\n
sudo apt-get install sendmail<\/pre>\n\n\n\nFirst easy test to make sure it’s working. Send mail to myself on the same server.<\/p>\n\n\n\n
sendmail -v MyAccountName@pididu.com\nsubject: testing sendmail\nhere is the body\n.<\/pre>\n\n\n\nThe lone dot by itself on the last line closes and sends the message. The -v switch above prints in verbose mode. It’s important to watch the output carefully and note any errors or warnings. If there’s no trouble, try a more thorough test by sending mail to the internet:<\/p>\n\n\n\n
sendmail -v MyAccountName@yahoo.com
subject: testing sendmail
here is the body
.<\/pre>\n\n\n\nNote that Yahoo, as many other email providers, will give an “Unresolvable RFC.5321” error if your server does not have a hostname that matches your domain. In my case, I had to edit \/etc\/hostname to contain pididu.com . In the case of Yahoo, when you fail, the output will give you a link to explanations of the error messages. Here is the link<\/a>.<\/p>\n\n\n\n
Check Yahoo mail to see that the message was received. Note that I don’t use gmail for this test, which might reject mail from an unestablished source as spam. If Yahoo didn’t get the message, try doing
tail \/var\/log\/mail.log<\/code> to look for errors.<\/p>\n\n\n\nNow install opendkim:<\/p>\n\n\n\n
sudo apt-get install opendkim opendkim-tools\nsudo mkdir \/etc\/opendkim\ncd \/etc\/opendkim\nsudo opendkim-genkey -s k1 -d pididu.com\n<\/pre>\n\n\n\n
k1<\/code> is the name I chose for the selector.pididu.com<\/code> is my domain, but of course, you would substitute your own in its place. Two files will be generated:k1.private<\/code> – private key information which should never leave the server, andk1.txt<\/code> – information to add to the zone file on my DNS server. The contents of this file are<\/p>\n\n\n\nk1._domainkey IN TXT \"v=DKIM1\\ ; k=rsa\\ ;p=MIG ... IDAQAB\"\\;<\/pre>\n\n\n\nA whole bunch of characters have been omitted above for brevity.
k1._domainkey<\/code> is the hostname for the record, and all the stuff between the quotation marks is the content of the record. You must add this record to your DNS server. With some hosts, you can enter this information yourself; with others, you must ask their technical support to enter it for you. To check that the record has been added correctly:<\/p>\n\n\n\ndig k1._domainkey.pididu.com txt +short<\/pre>\n\n\n\nwhich should show the record previously entered.<\/p>\n\n\n\n
The installation of opendkim should have created an opendkim user. Verify:<\/p>\n\n\n\n
grep opendkim \/etc\/passwd<\/pre>\n\n\n\nwhich should return something like<\/p>\n\n\n\n
opendkim:x:129:129::\/usr\/run\/opendkim:\/bin\/false<\/pre>\n\n\n\nMake sure that the opendkim user can access the key file:<\/p>\n\n\n\n
sudo chown opendkim:opendkim \/etc\/opendkim\/k1.private<\/pre>\n\n\n\nTest the domain key:<\/p>\n\n\n\n
sudo opendkim-testkey -d pididu.com -s k1 -vvv -k \/etc\/opendkim\/k1.private<\/pre>\n\n\n\nDon’t worry if you get a warning that the key is not secure. That just means that you don’t have DNSSEC in place.<\/p>\n\n\n\n
sudo vi \/etc\/default\/opendkim<\/pre>\n\n\n\nThere may be a line starting with
SOCKET=<\/code> in there as the default. Comment that out, and uncomment the line of the formSOCKET=inet:12274@localhost<\/code> . The port number does not have to be12274<\/code> – choose one to suit yourself. Save and quit.<\/p>\n\n\n\nSet other configuration information for opendkim:<\/p>\n\n\n\n
sudo vi \/etc\/opendkim.conf<\/pre>\n\n\n\nand edit existing lines sure that it contains<\/p>\n\n\n\n
Domain pididu.com\nKeyfile \/etc\/opendkim\/k1.private\nSelector k1\n\nSocket inet:12274@localhost<\/pre>\n\n\n\nIf there is some other socket enabled, comment that line out. Note that you don’t need to use 12274 – it could be 8891, or pretty much any relatively high number that you want. Some other settings that I use that might help:<\/p>\n\n\n\n
LogWhy yes\nMode sv<\/pre>\n\n\n\nNow configure sendmail to use opendkim to sign outgoing mail.<\/p>\n\n\n\n
sudo vi \/etc\/mail\/sendmail.mc<\/pre>\n\n\n\nand append this line to the end:<\/p>\n\n\n\n
INPUT_MAIL_FILTER(`opendkim', `S=inet:12274@localhost')dnl<\/pre>\n\n\n\nNote that in the above, a grave accent opens the quote, and an apostrophe closes it. Also, the port (12274 in the above case) must match the port previously chosen for opendkim.<\/p>\n\n\n\n
In the same file, look for MASQUERADE section, and either comment out all lines, or edit the MASQUERADE_AS to name the actual domain of your sever like this:<\/p>\n\n\n\n
dnl # Masquerading options\ndnl # Roderick 20-SEP-2023 either masquerade as pididu.com,\ndnl # or comment this stuff out entirely.\nFEATURE(`always_add_domain')dnl\nMASQUERADE_AS(`pididu.com')dnl\nFEATURE(`allmasquerade')dnl\nFEATURE(`masquerade_envelope')dnl<\/pre>\n\n\n\nAfter saving the file, run<\/p>\n\n\n\n
sudo su\nm4 \/etc\/mail\/sendmail.mc > \/etc\/mail\/sendmail.cf\nexit<\/pre>\n\n\n\nFor some reason, I couldn’t run
sudo m4 <\/code>directly on my system, but the above worked. Now restart sendmail. It may take a minute or two:<\/p>\n\n\n\nsudo service sendmail restart<\/pre>\n\n\n\nThen send another message to your Yahoo or other mail, as before. To confirm that things went well, look at the mail log for sendmail and opendkim activity:<\/p>\n\n\n\n
tail \/var\/log\/mail.log<\/pre>\n\n\n\nAlso, open the message under Yahoo mail, and view the “raw message” (it might be called “full headers” or something else, depending on your mail service). It should have a line something like this showing DKIM pass:<\/p>\n\n\n\n
Authentication-Results: mta1319.mail.bf1.yahoo.com from=pididu.com; domainkeys=neutral (no sig); from=pididu.com; dkim=pass (ok)<\/pre>\n","protected":false},"excerpt":{"rendered":"21-Sep-2023 — This article was originally written about 6 years ago for Raspbian Jessie. It has been updated to work with current versions of packages. I have a little Libre Computer Le Potato (basically a Raspberry Pi) that has recently become the host for pididu.com . It runs Raspberry Pi OS Bullseye, which is basically … Continue reading Install Sendmail with DKIM on Rasbios Bullseye<\/span>