DKIM PROXY FOR OUTGOING MAIL IN POSTFIX

1.  Download DKIM proxy
        wget http://downloads.sourceforge.net/dkimproxy/dkimproxy-1.3.tar.gz
        perl -MCPAN -e'CPAN::Shell->install("Net::Server")'
        perl -MCPAN -e'CPAN::Shell->install("Mail::DKIM")'
        perl -MCPAN -e'CPAN::Shell->install("Mail::DKIM")'       
        tar -zxvf dkimproxy-1.3.tar.gz
        ./configure --prefix=/usr/local/dkimproxy
        make install
       
2. Generate Public and Private Key
        Generate a private/public key pair using OpenSSL:
   
            openssl genrsa -out private.key 1024
            openssl rsa -in private.key -pubout -out public.key

3. Pick a selector name... e.g. relay1 and from pulic key create following TXT record.
        relay1._domainkey.domain.com. IN    TXT  "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA2f/pF8NaHEEWNWIWNWL4H0gFJWici2nq3zyd3yw8K2/0ZxA8UTz72P67c7zTrMbEGL2Af6qFqY7N+Az8vO9/2uA3PrPJyrVW36KesGR2BJ3n8gvD+0XLzgaPP5clbrBWRyH/MHTETVB4G8SUH1LS++/KAlxbW4vGZuCP+lUGwwIDAQAB"

4. Create User dkim
        useradd dkim
       
6. edit master.cf add following entry

            submission  inet  n     -       n       -       -       smtpd
                -o smtpd_etrn_restrictions=reject
                -o smtpd_sasl_auth_enable=yes
                -o content_filter=dksign:[127.0.0.1]:10027
                -o receive_override_options=no_address_mappings
                -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

            #
            # specify the location of the DKIM signing proxy
            # Note: we allow "4" simultaneous deliveries here; high-volume sites may
            #   want a number higher than 4.
            # Note: the smtp_discard_ehlo_keywords option requires Postfix 2.2 or
            #   better. Leave it off if your version does not support it.
            #
            dksign    unix  -       -       n       -       4       smtp
                -o smtp_send_xforward_command=yes
                -o smtp_discard_ehlo_keywords=8bitmime,starttls

            #
            # service for accepting messages FROM the DKIM signing proxy
            #
            127.0.0.1:10028 inet  n  -      n       -       10      smtpd
                -o content_filter=
                -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
                -o smtpd_helo_restrictions=
                -o smtpd_client_restrictions=
                -o smtpd_sender_restrictions=
                -o smtpd_recipient_restrictions=permit_mynetworks,reject
                -o mynetworks=127.0.0.0/8
                -o smtpd_authorized_xforward_hosts=127.0.0.0/8



7. Start Postfix
            /usr/sbin/postfix-out-out/postfix-out -c /etc/postfix-out-out start


8. Start DKIM Proxy
            /usr/local/dkimproxy/bin/dkimproxy.out --user=dkim --group=dkim --selector=relay1 --keyfile=/var/db/domainkeys/private.key  --listen=127.0.0.1:10027 --relay=127.0.0.1:10028 --method=simple --domain=in.com --signature=domainkeys --signature=dkim --daemonize