OpenDKIM

Modoboa can generate DKIM keys for the hosted domains but it won’t sign or check messages. To do that, you need a dedicated software like OpenDKIM.

Note

The cron job in charge of creating DKIM keys must be run using the same user than OpenDKIM (ie. opendkim in most cases).

Database

Since keys related information is stored in Modoboa’s database, you need to tell OpenDKIM how it can access it.

First, make sure to install the required additional packages on your system (libopendbx1-* on debian based distributions or opendbx-* on CentOS, the complete name depends on your database engine).

Then, insert the following SQL view into Modoboa’s database:

PostgreSQL

CREATE OR REPLACE VIEW dkim AS (
  SELECT id, name as domain_name, dkim_private_key_path AS private_key_path,
       dkim_key_selector AS selector
  FROM admin_domain WHERE enable_dkim
);

MySQL/MariaDB

CREATE OR REPLACE VIEW dkim AS (
  SELECT id, name as domain_name, dkim_private_key_path AS private_key_path,
       dkim_key_selector AS selector
  FROM admin_domain WHERE enable_dkim=1
);

Configuration

You should find OpenDKIM’s configuration file at /etc/opendkim.conf.

Add the following content to it:

KeyTable              dsn:<driver>://<user>:<password>@<db host>/<db name>/table=dkim?keycol=id?datacol=domain_name,selector,private_key_path
SigningTable          dsn:<driver>://<user>:<password>@<db host>/<db name>/table=dkim?keycol=domain_name?datacol=id
Socket                inet:12345@localhost

Replace values between <> by yours. Accepted values for driver are pgsql or mysql. Make sure the user you specify has read permission on the view created previously.

If you run a debian based system, make sure to adjust the following setting in the /etc/default/opendkim file:

SOCKET=inet:12345@localhost

Eventually, reload OpenDKIM.

Postfix integration

Add the following lines to the /etc/postfix/main.cf file:

smtpd_milters = inet:127.0.0.1:12345
non_smtpd_milters = inet:127.0.0.1:12345
milter_default_action = accept
milter_content_timeout = 30s

and reload postfix.