How to Configure DKIM (OpenDKIM) with Postfix

DKIM (DomainKeys Identified Mail) is an email authentication protocol that allows recipients to verify that an email message truly came from the domain that it claims to have come from. Because spam often contains counterfeit headers, this type of authentication is required. This article explains and showcases, step by step, how to install and configure OpenDKIM with Postfix on CentOS Linux.

DKIM makes use of public-key cryptography to enable senders to electronically sign valid emails in a way that recipients can verify. DKIM also protects mail from tampering, providing nearly end-to-end integrity from the signing to the validating Mail Transfer Agent (MTA).
Let’s find out how to install and configure DKIM with Postfix MTA on CentOS 8.

How to Install and Configure OpenDKIM with Postfix on CentOS Linux 

Step 1: Installation

First, install OpenDKIM.

sudo yum install opendkim 

Step 2: OpenDKIM Configuration

Edit OpenDKIM main configuration file

sudo nano /etc/opendkim.conf

Find the “Mode v” line and change it to “Mode sv”.
By default, OpenDKIM is set to verification mode (v), which verifies the DKIM signatures of incoming email messages. To activate signing mode for outgoing emails, we need to set “Mode sv”.

Then, find the following lines and remove the comment character (#) in front of each:

KeyFile
KeyTable
SigningTable
ExternalIgnoreList
InternalHosts

At the end of this file, add your domain:

Domain yourdomain.com

and add the following line, which turns off OpenDKIM’s refusal to load private keys stored in files with unsafe permissions:

RequireSafeKeys False

Next, we need to edit the signing table file

sudo nano /etc/opendkim/SigningTable


Add the following line at the end of this file. This tells OpenDKIM that if a sender on your server is using any @yourdomain.com address (in this example, *@easydmarc.me), then the message should be signed with the key identified by yourselector._domainkey.yourdomain.com (in this example, default._domainkey.easydmarc.me).

*@yourdomain.com yourselector._domainkey.yourdomain.com

Note: yourselector is the DKIM selector (default in this example). A domain might have multiple DKIM signatures. The DKIM selector allows you to choose a particular DKIM key. You can use any name of your choice, but make sure you don’t already have a DKIM signature implemented with the same selector name.

Save and close, then edit the KeyTable file.

sudo nano /etc/opendkim/KeyTable


Add the following line, which specifies the location of the DKIM private key.

yourselector._domainkey.yourdomain.com yourdomain.com:yourselector:/etc/opendkim/keys/yourdomain.com/yourselector.private

In this example, the selector is default, so the key file is default.private.

Save and close the file. Next, edit the Trusted Hosts file.

sudo nano /etc/opendkim/TrustedHosts

127.0.0.1 and ::1 are included in this file by default. Now add the following line:

*.yourdomain.com

Step 3: Generate Private/Public Keys

First, create a new directory for your domain

sudo mkdir /etc/opendkim/keys/yourdomain.com

Then, generate the keys using the opendkim-genkey tool. It writes the private key to yourselector.private and the DNS record to yourselector.txt in that directory.

sudo opendkim-genkey -b 1024 -d yourdomain.com -D /etc/opendkim/keys/yourdomain.com -s yourselector -v

Next, we need to make opendkim the owner of the keys.

sudo chown opendkim:opendkim /etc/opendkim/keys -R 
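
The two tables from Step 2 and the key file from Step 3 have to agree on the key name, the selector and the path, and a one-character slip breaks signing. The following added example (not part of the original article; the function names and the sample table contents are constructed for illustration) cross-checks the tables and returns the DNS names whose TXT records must be published:

```python
# Constructed samples of /etc/opendkim/SigningTable and /etc/opendkim/KeyTable.
SIGNING_TABLE = "*@yourdomain.com yourselector._domainkey.yourdomain.com\n"
KEY_TABLE = ("yourselector._domainkey.yourdomain.com yourdomain.com:yourselector:"
             "/etc/opendkim/keys/yourdomain.com/yourselector.private\n")
# Constructed mismatch: misspelled key name, key file named for another selector.
BAD_KEY_TABLE = ("youselector._domainkey.yourdomain.com yourdomain.com:yourselector:"
                 "/etc/opendkim/keys/yourdomain.com/default.private\n")

def rows(text):
    """Yield (first_field, rest) per line, skipping blanks and # comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2:
            yield fields[0], fields[1].strip()

def check_tables(signing_text, key_text):
    """Return (dns_names, problems); dns_names are the TXT records to publish."""
    keys, dns_names, problems = {}, [], []
    for name, value in rows(key_text):
        parts = value.split(":", 2)
        if len(parts) != 3:
            problems.append(f"KeyTable {name}: expected domain:selector:path")
            continue
        domain, selector, path = parts
        keys[name] = f"{selector}._domainkey.{domain}"
        # opendkim-genkey -s SELECTOR writes SELECTOR.private (Step 3).
        if not path.endswith(f"/{selector}.private"):
            problems.append(f"KeyTable {name}: {path} is not {selector}.private")
    for pattern, name in rows(signing_text):
        if name in keys:
            dns_names.append(keys[name])
        else:
            problems.append(f"SigningTable {pattern}: no KeyTable entry {name}")
    return dns_names, problems

if __name__ == "__main__":
    print(check_tables(SIGNING_TABLE, KEY_TABLE))
    print(check_tables(SIGNING_TABLE, BAD_KEY_TABLE))
```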

Step 4: Publish Public Key in your DNS

Get and display the Public Key

sudo cat /etc/opendkim/keys/yourdomain.com/yourselector.txt

Once you have the public key, add it to your DNS as a TXT record (in this example, Cloudflare).
Important notes:
Name/Target: yourselector._domainkey
Content: the value you copied in the previous step. Make sure to remove any spaces or double quotes.

After publishing the DKIM public key in your DNS, confirm that DKIM is valid using the EasyDMARC DKIM Lookup tool.
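
The .txt file written by opendkim-genkey is a zone-file record whose value is split into quoted chunks, which is why the quotes have to go before the value is pasted into a DNS panel. This added example (not from the original article; the function names and the filler-modulus sample key are constructed) joins the chunks into the single value to publish, checks the v= and p= tags, and reports the RSA key size, which RFC 8301 recommends be at least 2048 bits:

```python
import base64
import re

# Constructed sample: a 1024-bit-sized RSA SubjectPublicKeyInfo with a filler
# modulus (not a usable key), laid out the way opendkim-genkey writes its .txt.
_SPKI = (bytes.fromhex("30819f300d06092a864886f70d010101050003818d0030818902818100")
         + b"\xc3" * 128 + bytes.fromhex("0203010001"))
SAMPLE_TXT = ('default._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n\t  "p='
              + base64.b64encode(_SPKI).decode()
              + '" )  ; ----- DKIM key default for yourdomain.com\n')

def txt_value(genkey_txt):
    """Join the quoted chunks of the zone-file record into one DNS value."""
    return "".join(re.findall(r'"([^"]*)"', genkey_txt))

def der_tlv(buf, pos):
    """Read the DER header at pos and return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER-encoded RSA SubjectPublicKeyInfo."""
    start, _ = der_tlv(spki, 0)                   # outer SEQUENCE
    _, alg_end = der_tlv(spki, start)             # AlgorithmIdentifier
    bit_start, _ = der_tlv(spki, alg_end)         # BIT STRING
    seq_start, _ = der_tlv(spki, bit_start + 1)   # skip the unused-bits byte
    n_start, n_end = der_tlv(spki, seq_start)     # INTEGER modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def check_record(genkey_txt):
    """Return (dns_value, key_bits, problems) for a genkey .txt file."""
    value = txt_value(genkey_txt)
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    problems, bits = [], 0
    if tags.get("v") != "DKIM1":
        problems.append("v= tag is not DKIM1")
    if not tags.get("p"):
        problems.append("p= is empty or missing")
    else:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
        if bits < 2048:
            problems.append(f"{bits}-bit key; RFC 8301 recommends at least 2048")
    return value, bits, problems

if __name__ == "__main__":
    print(check_record(SAMPLE_TXT))
```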

Step 5: Connect Postfix to OpenDKIM

Edit Postfix main configuration file

sudo nano /etc/postfix/main.cf


Add the following lines at the end of the “main.cf” file, so Postfix can call OpenDKIM via the milter protocol

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters 
milter_default_action = accept 

Save and close the file. Then restart OpenDKIM and Postfix

sudo service opendkim restart
sudo service postfix restart

Step 6: DKIM Check

Send a test email from your server to confirm DKIM is working.