How to Configure DKIM (OpenDKIM) with Postfix
DKIM (DomainKeys Identified Mail) is an email authentication protocol that allows recipients to verify that an email message truly came from the domain that it claims to have come from. Because spam often contains counterfeit headers, this type of authentication is required. In this article explains and showcases step by step how to install and configure OpenDKIM with Postfix on CentOS Linux.
DKIM makes use of public-key cryptography to enable senders to electronically sign valid emails in a way that recipients can verify. DKIM also protects mail from tampering, providing nearly end-to-end integrity from the signature to the validating Mail Transfer Agent (MTA).
Let’s find out how to install and configure DKIM with Postfix MTA on CentOS 8.
How to Install and Configure OpenDKIM with Postfix on CentOS Linux
Step 1: Installation
First, install OpenDKIM.
sudo yum install opendkim
Step 2: OpenDKIM Configuration
Edit OpenDKIM main configuration file
sudo nano /etc/opendkim.conf
Find the “Mode v” line, and change it to “Mode sv”
By default, OpenDKIM is set to verification mode (v), which verifies receiving email messages’ DKIM signatures. To activate signing mode for outgoing emails, we need to input “Mode sv”
Then, find the following lines and remove the Comment (#)
By the end of this file, add your
Next, we need to edit the signing table file
sudo nano /etc/opendkim/SigningTable
Add the following line at the end of this file. This tells OpenDKIM that if a sender on your server is using any @yourdomain.com address (in this example, *@easydmarc.me), then it should be signed with the key identified by default._domainkey.yourdomain.com (in this example, default._domainkey.easydmarc.me)
Note: default is the DKIM selector. A domain might have multiple DKIM Signatures. The DKIM selector allows you to choose a particular DKIM Key. You can use any name of your choice, but make sure you don’t have a DKIM Signature already implemented with the same selector name.
Save and close, then edit the KeyTable file.
sudo nano /etc/opendkim/KeyTable
Add the following line, which specifies the location of the DKIM private key.
In this screenshot, selector is defined as default
Save and close the file. Next, edit the Trusted Hosts file.
sudo nano /etc/opendkim/TrustedHosts
127.0.0.0.1 and ::1 are included in this file by default. Now add the following line: *.yourdomain.com
Step 3: Generate Private/Public Keys
First, create a new directory for your domain
sudo mkdir /etc/opendkim/keys/yourdomain.com
Then, we need to Generate keys using opendkim-genkey tool
sudo opendkim-genkey -b 1024 -d yourdomain.com -D /etc/opendkim/keys/yourdomain.com -s yourselector -v
Next, we need to make opendkim the owner of the keys.
sudo chown opendkim:opendkim /etc/opendkim/keys -R
Step 4: Publish Public Key in your DNS
Get and display the Public Key
sudo cat /etc/opendkim/keys/yourdomain.com/default.txt
Once you get the Public Key, implement it in your DNS (In this example, Cloudflare).
Content: Value you’ve copied in the previous stage. Make sure to remove any spaces or double-quotes.
After publishing DKIM Public key in your DNS, confirm DKIM is valid using EasyDMARC DKIM Lookup tool
Step 5: Connect Postfix to OpenDKIM
Edit Postfix main configuration file
sudo nano /etc/postfix/main.cf
Add the following lines at the end of the “main.cf” file, so Postfix can call OpenDKIM via the milter protocol
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
Save and close the file. Then restart OpenDKIM and Postfix
sudo service opendkim restart
sudo service postfix restart
Step 6: DKIM Check
Send a test email from your server to confirm DKIM is working.