
How to Configure DKIM (OpenDKIM) with Postfix

DKIM (DomainKeys Identified Mail) is an email authentication protocol that allows recipients to verify that an email message truly came from the domain it claims to come from. Because spam often contains counterfeit headers, this type of authentication is required. This article explains and shows, step by step, how to install and configure OpenDKIM with Postfix on CentOS Linux.

DKIM makes use of public-key cryptography to enable senders to electronically sign valid emails in a way that recipients can verify. DKIM also protects mail from tampering, providing nearly end-to-end integrity from the signature to the validating Mail Transfer Agent (MTA). 
Let’s find out how to install and configure DKIM with Postfix MTA on CentOS 8.


How to Install and Configure OpenDKIM with Postfix on CentOS Linux 

Step 1: Installation

First, install OpenDKIM.

sudo yum install opendkim 

Step 2: OpenDKIM Configuration

Edit OpenDKIM main configuration file

sudo nano /etc/opendkim.conf

Find the “Mode v” line and change it to “Mode sv”.
By default, OpenDKIM is set to verification mode (v), which verifies the DKIM signatures of incoming email messages. To also sign outgoing emails, set “Mode sv” (s for signing, v for verification).

Then find the following lines and uncomment them by removing the leading #:

KeyFile
KeyTable
SigningTable
ExternalIgnoreList
InternalHosts


At the end of this file, add your domain:

Domain yourdomain.com

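and add the following line, which stops OpenDKIM from refusing private key files that have unsafe permissions: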

RequireSafeKeys False


Next, we need to edit the signing table file

sudo nano /etc/opendkim/SigningTable


Add the following line at the end of this file. This tells OpenDKIM that if a sender on your server is using any @yourdomain.com address (in this example, *@easydmarc.me), the message should be signed with the key identified by yourselector._domainkey.yourdomain.com (in this example, default._domainkey.easydmarc.me).

*@yourdomain.com yourselector._domainkey.yourdomain.com


Note: yourselector is the DKIM selector (default in this example). A domain might have multiple DKIM signatures; the DKIM selector allows you to choose a particular DKIM key. You can use any name of your choice, but make sure you don’t already have a DKIM signature implemented with the same selector name.

Save and close, then edit the KeyTable file.

sudo nano /etc/opendkim/KeyTable


Add the following line, which specifies the location of the DKIM private key.

yourselector._domainkey.yourdomain.com yourdomain.com:yourselector:/etc/opendkim/keys/yourdomain.com/yourselector.private


In this article's example, the selector is defined as default.


Save and close the file. Next, edit the Trusted Hosts file.

sudo nano /etc/opendkim/TrustedHosts


127.0.0.1 and ::1 are included in this file by default. Now add the following line:

*.yourdomain.com


Step 3: Generate Private/Public Keys

First, create a new directory for your domain

sudo mkdir /etc/opendkim/keys/yourdomain.com

Then generate the keys using the opendkim-genkey tool:

sudo opendkim-genkey -b 1024 -d yourdomain.com -D /etc/opendkim/keys/yourdomain.com -s yourselector -v


Next, we need to make opendkim the owner of the keys.

sudo chown opendkim:opendkim /etc/opendkim/keys -R 
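
A consistency check for the files edited in Steps 2 and 3, as an added example that is not part of the original article: it confirms that every key name in SigningTable has a KeyTable entry, that the private key file named there exists, and that the file is not accessible to group or others, which matters once RequireSafeKeys is set to False. The function names and the temporary demo paths are assumptions, and the sample tables are constructed.

```shell
#!/bin/sh
# Added example. Usage on a real host:
#   check_dkim_tables /etc/opendkim/SigningTable /etc/opendkim/KeyTable
check_dkim_tables() {
    signing=$1; keytable=$2; rc=0
    # SigningTable lines are "<sender pattern> <key name>"; skip comments and blanks.
    for name in $(awk '$1 !~ /^#/ && NF >= 2 {print $2}' "$signing" | sort -u); do
        # KeyTable lines are "<key name> <domain>:<selector>:<private key path>".
        entry=$(awk -v n="$name" '$1 == n {print $2; exit}' "$keytable")
        if [ -z "$entry" ]; then
            echo "MISSING $name: no KeyTable entry"; rc=1; continue
        fi
        domain=${entry%%:*}; rest=${entry#*:}
        selector=${rest%%:*}; keyfile=${rest#*:}
        if [ ! -f "$keyfile" ]; then
            echo "NOKEY $name: $keyfile does not exist"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
            echo "PERMS $name: $keyfile is accessible to group or others"; rc=1; continue
        fi
        echo "OK $name: DNS record name is $selector._domainkey.$domain"
    done
    return $rc
}

# Constructed demo (hypothetical paths in a temp dir): one KeyTable matches the
# file written by "opendkim-genkey -s yourselector", the other names a file
# that was never generated.
demo() {
    d=$(mktemp -d)
    : > "$d/yourselector.private"; chmod 600 "$d/yourselector.private"
    echo '*@yourdomain.com yourselector._domainkey.yourdomain.com' > "$d/SigningTable"
    k='yourselector._domainkey.yourdomain.com yourdomain.com:yourselector'
    echo "$k:$d/yourselector.private" > "$d/KeyTable.good"
    echo "$k:$d/default.private" > "$d/KeyTable.bad"
    check_dkim_tables "$d/SigningTable" "$d/KeyTable.good"
    check_dkim_tables "$d/SigningTable" "$d/KeyTable.bad"
    rm -rf "$d"
}
demo
```
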

Step 4: Publish Public Key in your DNS

Display the public key:

sudo cat /etc/opendkim/keys/yourdomain.com/yourselector.txt

Once you have the public key, publish it in your DNS (in this example, Cloudflare).
Important notes:
Name/Target: yourselector._domainkey
Content: the value you copied in the previous step. Make sure to remove any spaces or double quotes.


After publishing the DKIM public key in your DNS, confirm that DKIM is valid using the EasyDMARC DKIM Lookup tool.
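
The value in the .txt file is written in zone-file syntax, split into quoted chunks, so it has to be flattened before it goes into a DNS provider's form. The added example below (not part of the original article) does that and then checks the p= tag: RFC 8301 says signers should use RSA keys of at least 2048 bits, so the 1024-bit size from -b 1024 is reported as weak. The function names are assumptions, and the sample record is constructed with filler characters in place of a real key.

```shell
#!/bin/sh
# dkim_txt_value: read an opendkim-genkey .txt file on stdin (zone-file syntax,
# value split into quoted chunks) and print the bare value for a DNS form.
dkim_txt_value() {
    grep -o '"[^"]*"' | tr -d '" \n'
    echo
}

# dkim_key_check VALUE: inspect the p= tag of a flattened record.
# Assumes an RSA key, which is what "opendkim-genkey -b" produces.
dkim_key_check() {
    case ";$1" in
        *";p="*) ;;
        *) echo "invalid: no p= tag"; return 1 ;;
    esac
    p=$(printf '%s\n' "$1" | tr ';' '\n' | sed -n 's/^p=//p')
    if [ -z "$p" ]; then
        echo "revoked: empty p= tag"; return 1   # RFC 6376: empty p= is a revoked key
    fi
    # A 2048-bit RSA public key is 294 bytes of DER, i.e. 392 base64 characters;
    # a 1024-bit one is 162 bytes, i.e. 216 characters.
    if [ "${#p}" -lt 392 ]; then
        echo "weak: p= has ${#p} base64 chars, below a 2048-bit RSA key"; return 1
    fi
    echo "ok: p= has ${#p} base64 chars"
}

# Constructed sample in opendkim-genkey's output layout; the p= value is 216
# filler characters standing in for a 1024-bit key, not a real key.
sample_record() {
    filler=$(printf '%216s' '' | tr ' ' 'A')
    printf 'yourselector._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n'
    printf '\t  "p=%s" )  ; ----- DKIM key yourselector for yourdomain.com\n' "$filler"
}

value=$(sample_record | dkim_txt_value)
echo "$value"
dkim_key_check "$value" || echo "review the key before publishing this record"
```
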


Step 5: Connect Postfix to OpenDKIM

Edit Postfix main configuration file

sudo nano /etc/postfix/main.cf


Add the following lines at the end of the “main.cf” file, so Postfix can call OpenDKIM via the milter protocol

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept


Save and close the file. Then restart OpenDKIM and Postfix

sudo service opendkim restart
sudo service postfix restart

Step 6: DKIM Check

Send a test email from your server to confirm DKIM is working.

 

