=======================================
FreeBSD sendmail opendkim spf dmarc
=======================================

pkg search opendkim
pkg install opendkim

mkdir /usr/local/etc/mail/opendkim.keys


=======================================
/etc/rc.conf
---------------------------------------

# opendkim
milteropendkim_enable="YES"
milteropendkim_uid="mailnull"


=======================================
/usr/local/etc/mail/opendkim.conf
---------------------------------------

ExternalIgnoreList refile:/usr/local/etc/mail/opendkim.trustedhosts
InternalHosts refile:/usr/local/etc/mail/opendkim.trustedhosts
KeyTable refile:/usr/local/etc/mail/opendkim.keytable
PidFile /var/run/opendkim/opendkim.pid
Selector some-name
SigningTable refile:/usr/local/etc/mail/opendkim.signingtable
Socket inet:8891@localhost
Syslog Yes


=======================================
/usr/local/etc/mail/opendkim.trustedhosts
---------------------------------------

127.0.0.1
localhost


=======================================
/usr/local/etc/mail/opendkim.signingtable
---------------------------------------

# *@[a-z0-9]*.example.com default._domainkey.example.com


=======================================
Generate a key for example.com
---------------------------------------

mkdir /usr/local/etc/mail/opendkim.keys/example.com

opendkim-genkey -D /usr/local/etc/mail/opendkim.keys/example.com -d example.com -s default

echo example.com >> /usr/local/etc/mail/opendkim.trustedhosts

echo "*@example.com default._domainkey.example.com" >> /usr/local/etc/mail/opendkim.signingtable

echo "default._domainkey.example.com example.com:default:/usr/local/etc/mail/opendkim.keys/example.com/default.private" >> /usr/local/etc/mail/opendkim.keytable

chown -R mailnull:mailnull /usr/local/etc/mail/opendkim.keys/*/*

service milter-opendkim restart


=======================================
Add key to dns record
---------------------------------------

cat /usr/local/etc/mail/opendkim.keys/example.com/default.txt


=======================================
/usr/local/etc/namedb/primary/db.example.com
---------------------------------------

@                       MX 10           mail.example.com.
@                       TXT             "v=spf1 a mx ip4:97.98.99.96/29 ~all"
mail                    TXT             "v=spf1 a mx ip4:97.98.99.96/29 ~all"
_dmarc                  TXT             "v=DMARC1; p=quarantine"
default._domainkey      IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; "
          "p=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
          "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" )  ; ----- DKIM key default for example.com
mail                    A               97.98.99.100


=======================================
end
=======================================