Enable Dkim in Postfix on Centos 6/7

 

How DKIM Works ?

When we configured DKIM on sending servers. First, we generated a public/private key pair for signing outgoing messages. The public key is configured as TXT record on a domains name server, and the private key is configured in the outbound email server. When an email is sent by an authorized user of the email server, the server uses the stored private key to generate a digital signature of the message, which is inserted in the message as a header, and the email is sent as normal.

Step 1 – Install DKIM-milter

First make sure you have enabled EPEL repository in your system. After that install dkim-milter package using following command.

yum install postfix opendkim

Step 2 – Generate Key Pair

Now create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package. For this tutorial we are using domain name “example.com”, Change this name with your actual names.

MYDOMAIN=example.com
mkdir -p /etc/opendkim/keys/$MYDOMAIN
cd /etc/opendkim/keys/$MYDOMAIN
opendkim-genkey -r -d $MYDOMAIN

Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Now set the proper permissions on Keys directory.

chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys

Step 3 – Configure OpenDKIM

Edit the Opendkim configuration file and Add/Update following entries in file.

vim /etc/opendkim.conf

Mode     sv
Socket   inet:8891@localhost
Domain   example.com
#KeyFile        /etc/opendkim/keys/default.private  ### comment this line
KeyTable        /etc/opendkim/KeyTable
SigningTable   refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

Then edit the domain keys lists setting file /etc/opendkim/KeyTable and add following entry.

default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private

After that edit /etc/opendkim/SigningTable file and update following entry.

*@example.com default._domainkey.example.com

And edit /etc/opendkim/TrustedHosts file and update following entry.

mail.example.com
example.com

Step 4 – Configure Postfix

Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

finally start DKIM service using following command

service opendkim start

Step 5 – Configure DNS Entry

After configuring private key in postfix server. there will be another file /etc/opendkim/keys/example.com/default.txt/strong> generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt. In my case this is like below.

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; s=email; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdTtEqM8FqndiFYOderzljMMMqBdEp+wJKP+VUbhc9GigmK34ZjrSqqdKjIEWr2q9DvSVp1H1bZs4t050m0HZxJqknDz2yoDJ6W4mCaSCHesRde5V44V/L65Gqm/rvBz1d6CCp8A2515eveWrIAocOD6pKJ4tnXHz3uwV2ZtgQiQIDAQAB" )  ; ----- DKIM key default for example.com

Step 6 – Verify DKIM

To verify that DKIM is working properly. Let’s send a test email through command line

mail -vs "Test DKIM" my_test_email@gmail.com < /dev/null

In the received email in our mailbox, open the source of the email and search for "DKIM-Signature". You will find something like below

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=default.private; t=1402388963;
	bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
	h=Date:From:Message-Id:To:Subject;
	b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
	 i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
	 mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=

source 

Restoring Orphan File-Per-Table ibd Files

 

This procedure describes how to restore orphan file-per-table .ibd files to another MySQL instance. You might use this procedure if the system tablespace is lost or unrecoverable and you want to restore .ibd file backups on a new MySQL instance.

The procedure is not supported for general tablespace .ibd files.

The procedure assumes that you only have .ibd file backups, you are recovering to the same version of MySQL that initially created the orphan .ibd files, and that .ibd file backups are clean. See Section 14.6.1.4, “Moving or Copying InnoDB Tables” for information about creating clean backups.

Table import limitations outlined in Section 14.6.1.3, “Importing InnoDB Tables” are applicable to this procedure.

1. On the new MySQL instance, recreate the table in a database of the same name.

   mysql> CREATE DATABASE sakila;
   
   mysql> USE sakila;
   
   mysql> CREATE TABLE actor (
            actor_id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
            first_name VARCHAR(45) NOT NULL,
            last_name VARCHAR(45) NOT NULL,
            last_update TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
            PRIMARY KEY  (actor_id),
            KEY idx_actor_last_name (last_name)
          )ENGINE=InnoDB DEFAULT CHARSET=utf8;

2. Discard the tablespace of the newly created table.

   mysql> ALTER TABLE sakila.actor DISCARD TABLESPACE;

3. Copy the orphan .ibd file from your backup directory to the new database directory.

   $> cp /backup_directory/actor.ibd path/to/mysql-5.7/data/sakila/

4. Ensure that the .ibd file has the necessary file permissions.

5. Import the orphan .ibd file. A warning is issued indicating that InnoDB tries to import the file without schema verification.

   mysql> ALTER TABLE sakila.actor IMPORT TABLESPACE; SHOW WARNINGS;
   Query OK, 0 rows affected, 1 warning (0.15 sec)
   
   Warning | 1810 | InnoDB: IO Read error: (2, No such file or directory)
   Error opening './sakila/actor.cfg', will attempt to import
   without schema verification

6. Query the table to verify that the .ibd file was successfully restored.

mysql> SELECT COUNT(*) FROM sakila.actor;
+----------+
| count(*) |
+----------+
|      200 |
+----------+

source