How to configure DKIM for your Domain with Postfix


First install opendkim:

apt-get update
apt-get install opendkim opendkim-tools

 

Append the following content to /etc/opendkim.conf:

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim:opendkim
Socket                  inet:12301@localhost

 

Add the following line to /etc/default/opendkim:

SOCKET="inet:12301@localhost"

 

Add these lines to /etc/postfix/main.cf:

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Create the needed folders:

mkdir -p /etc/opendkim/keys/example.net

This tutorial configures DKIM for the domain example.net; replace it with your own domain throughout.

 

Add these lines to /etc/opendkim/TrustedHosts (you may also use CIDR notation):

127.0.0.1
localhost
*.example.net

 

Add this line to /etc/opendkim/KeyTable:

mail._domainkey.example.net example.net:mail:/etc/opendkim/keys/example.net/mail.private

 

And add this line to /etc/opendkim/SigningTable:

*@example.net mail._domainkey.example.net

 

Create keys:

cd /etc/opendkim/keys/example.net
opendkim-genkey -s mail -d example.net
chown opendkim:opendkim mail.private

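This generates two files: mail.private, the private signing key, which stays on the server, and mail.txt, which holds the public key. With the contents of /etc/opendkim/keys/example.net/mail.txt you can now create a TXT DNS entry for your domain:
Name: mail._domainkey.example.net
Value: v=DKIM1; k=rsa; p=……..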
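
mail.txt is a zone-file fragment with the record split into quoted strings, so it cannot be pasted into a DNS form as-is. The shell functions below are an added example (not part of the original tutorial or of opendkim): they join the quoted strings into the value to publish and sanity-check it. The function names are assumptions, and the sample file's p= value is constructed filler, not a real key.

```shell
#!/bin/sh
# Added example: turn opendkim-genkey's mail.txt into a DNS TXT value and check it.

# Join the double-quoted chunks; drops the record name, parentheses and comment.
dkim_txt_value() {
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) printf "%s", $i }' "$1"
}

# Print the value of one tag (v, k, p, ...) from a joined record.
dkim_tag() {
    printf '%s' "$1" | tr ';' '\n' |
        sed -n -e "s/[[:space:]]*\$//" -e "s/^[[:space:]]*$2=//p" | head -n 1
}

# Print the TXT value. Returns 0 = ok, 1 = malformed, 2 = RSA key under 2048 bits.
dkim_check() {
    value=$(dkim_txt_value "$1")
    p=$(dkim_tag "$value" p)
    k=$(dkim_tag "$value" k)
    [ "$(dkim_tag "$value" v)" = "DKIM1" ] || { echo "error: no v=DKIM1" >&2; return 1; }
    [ "${k:-rsa}" = "rsa" ] || { echo "error: only k=rsa is handled here" >&2; return 1; }
    [ -n "$p" ] || { echo "error: empty p= (revoked or truncated key)" >&2; return 1; }
    case $p in
        *[!A-Za-z0-9+/=]*) echo "error: p= is not plain base64" >&2; return 1 ;;
    esac
    printf '%s\n' "$value"
    # One TXT character-string holds at most 255 octets (RFC 1035).
    [ "${#value}" -le 255 ] || echo "note: publish as several strings of <=255 octets" >&2
    # Size estimate from base64 length: a 2048-bit RSA public key encodes to 392 chars.
    [ "${#p}" -ge 392 ] || { echo "warning: RSA key under 2048 bits" >&2; return 2; }
    return 0
}

# Constructed sample in mail.txt layout; 216 filler chars stand in for a 1024-bit key.
sample=$(mktemp)
filler=$(awk 'BEGIN { for (i = 0; i < 216; i++) printf "A" }')
printf 'mail._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n\t  "p=%s" )  ; ----- DKIM key mail for example.net\n' "$filler" > "$sample"
dkim_check "$sample" || echo "exit status: $?"
rm -f "$sample"
```

On the real file, call dkim_check /etc/opendkim/keys/example.net/mail.txt; if it reports a key under 2048 bits, regenerate the key pair with opendkim-genkey -b 2048 -s mail -d example.net.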

 

Now restart postfix and opendkim:

service postfix restart
service opendkim restart

That's it!
You can test the result for example by sending an e-mail to check-auth@verifier.port25.com – you'll receive a response e-mail with the results.