
Installing OpenDKIM

Follow these steps to install OpenDKIM on Ubuntu and Plesk.
I will use domain.tld (as the primary domain) and example.com as my domains. I have enabled subdomains so that mail from the server mail.domain.tld gets signed too; in this case mail.domain.tld is also the Postfix hostname and mailname…

1. First log in as root and run…

2. Create the folder structure…

3. Create a key. I’ll use “dkim” as the selector and create 1024-bit keys.
You will have two files in the folder, dkim.private and dkim.txt; the latter contains the DNS record for you to add in Plesk or at your domain’s registrar.

4. Now we’ll create the SigningTable and the KeyTable…

The contents should look like…

5. And the KeyTable…

The contents should look like…

You can see the subdomains point to the same key as the domain.

6. Next we have to create the internal hosts file…

and add your IP and host names…

7. Now edit /etc/opendkim.conf

And define these settings…

8. Make sure you create the log directory, and the log file is owned by opendkim:opendkim

9. We now need to define the socket…

And uncomment…

10. And restart opendkim

11. Our last step is to add this milter to our Postfix configuration file…

Restart Postfix…

And you should be good.

Creating ECC Certificates

Here’s a very quick guide to creating ECC 256-bit self-signed certificates with OpenSSL on Ubuntu 12 and 14.

1. First, let’s create a folder to hold the files…

2. Move to that directory…

3. Now let’s create the key

4. Create the request

5. Create the certificate

6. While we are here, let’s combine the private key and certificate into a .pem file.

You now have a self-signed ECC 256-bit SHA256 certificate for your domain, and a .csr file for use at your favourite CA.

Should you wish to have ECC 384-bit, simply replace “prime256v1” in step three with secp384r1,
and “-sha256” in step five with -sha384.
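
The six steps above as one shell function, followed by a check that the resulting certificate really carries the intended curve and hash. This is an added example, not the author's original commands; the file names, the CN-only subject, the 365-day validity and the 077 umask are assumptions.

```shell
#!/bin/sh
# Added example: ECC key, CSR, self-signed certificate and combined .pem.
# Assumed (not from the original post): file names, subject, validity, umask.

# make_ecc_cert DIR DOMAIN [CURVE] [DIGEST]
make_ecc_cert() {
    dir=$1 domain=$2 curve=${3:-prime256v1} digest=${4:-sha256}
    (
        umask 077    # key, CSR, certificate and .pem readable by the owner only
        # Steps 1-2: create the folder and move into it
        mkdir -p "$dir" && cd "$dir" || exit 1
        # Step 3: private key on the named curve (-noout drops the parameter block)
        openssl ecparam -name "$curve" -genkey -noout -out "$domain.key" || exit 1
        # Step 4: certificate request, also usable at a CA
        openssl req -new "-$digest" -key "$domain.key" \
            -subj "/CN=$domain" -out "$domain.csr" || exit 1
        # Step 5: self-sign the request with the same key
        openssl x509 -req "-$digest" -days 365 -in "$domain.csr" \
            -signkey "$domain.key" -out "$domain.crt" || exit 1
        # Step 6: private key and certificate in one .pem
        cat "$domain.key" "$domain.crt" > "$domain.pem"
    )
}

# cert_summary FILE: print "<curve> <signature algorithm>" for a certificate
cert_summary() {
    openssl x509 -in "$1" -noout -text | awk '
        /ASN1 OID:/                   { curve = $3 }
        /Signature Algorithm:/ && !sig { sig = $3 }
        END                           { print curve, sig }'
}

# Usage:
#   make_ecc_cert /tmp/ecc example.com                    # 256-bit, SHA256
#   make_ecc_cert /tmp/ecc384 example.com secp384r1 sha384
#   cert_summary /tmp/ecc/example.com.crt
```

Running `cert_summary` after generation confirms the curve and digest substitution took effect, which is easy to get wrong when only one of the two steps is changed.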

Enjoy!

Creating DH Parameters

By default, DH parameters are just 1024 bits in Ubuntu 12.04.5 LTS, which is considered weak by today’s standards.
You will need to create new ones of either 2048 or 4096 bits, depending on your certificate’s public key size.

1. Create a folder to hold the dhparams…

2. Move to that directory

3. Create the new DH parameters, at 2048 bits

And 4096 bits (this will take some time)

5. You can also create DSA versions, at 2048 bits…

And 4096 bits

Now you can add the directives to your servers: Courier-Imap, Dovecot, Nginx and Postfix.

Courier-Imap

Dovecot (creates its own)

Nginx

Postfix

Enjoy!