DKIM with postfix

From vpsget wiki
Revision as of 15:26, 5 December 2014 by Vq (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Install DKIM

# yum install opendkim

Backup the original conf file.

# cp /etc/opendkim.conf{,.bak}

Open /etc/opendkim.conf and make it look like below:

AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@localhost
PidFile                 /var/run/opendkim/
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

Generate keys

# mkdir /etc/opendkim/keys/
# opendkim-genkey -D /etc/opendkim/keys/ -d -s default
# chown -R opendkim: /etc/opendkim/keys/
# mv /etc/opendkim/keys/ /etc/opendkim/keys/

Open the file /etc/opendkim/KeyTable and add the following lines but with your domain instead of

Open the file /etc/opendkim/SigningTable and add the following line:


Open the file /etc/opendkim/TrustedHosts and make sure you have:

Note: should be your actual hostname.

Set TXT record for your domain from the file /etc/opendkim/keys/ Domain field:


Value field:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh3kJR4v0HW+sw5LmSPtM3uPeAZrwfU+yWkVk1AMyqSTRDO74JJCJl55gWSdB4+fGQ6uV5HvjvtKSHztJ+0jxrK0bOOeUgkIjsAqnk1xGPIO/YMp81zJneQ5Bli0crCsXDM3ipT73vUC/iuU1/R9uecB+aRszgZmoLQaDGK2WxjwIDAQAB

Check TXT record:

dig +short TXT


It is a good idea to set the following TXT records: SPF and DMARC.



Domain: Record: v=spf1 a mx ~all


Domain: Record: v=DMARC1; p=quarantine;