How to Setup DKIM (DomainKeys) with Postfix on CentOS

Step 1 – Install DKIM-milter

First make sure you have enabled EPEL repository in your system.

CentOS 8:

$ yum install
$ dnf config-manager --set-enabled PowerTools


CentOS 7:

$ yum install

After that install dkim-milter package using following command.

$ yum install postfix opendkim

Step 2 – Generate Key Pair

Now create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package. For this tutorial we are using domain name “”, Change this name with your actual names.

$ mkdir -p /etc/opendkim/keys/$MYDOMAIN
$ cd /etc/opendkim/keys/$MYDOMAIN
$ opendkim-genkey -r -d $MYDOMAIN

Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Now set the proper permissions on Keys directory.

$ chown -R opendkim:opendkim /etc/opendkim
$ chmod go-rw /etc/opendkim/keys
Step 3 – Configure OpenDKIM

Edit the Opendkim configuration file and Add/Update following entries in file.

$ vim /etc/opendkim.conf

Mode     sv
Socket   inet:[email protected]
#KeyFile        /etc/opendkim/keys/default.private  ### comment this line
KeyTable        /etc/opendkim/KeyTable
SigningTable   refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

Then edit the domain keys lists setting file /etc/opendkim/KeyTable and add following entry.

After that edit /etc/opendkim/SigningTable file and update following entry.


And edit /etc/opendkim/TrustedHosts file and update following entry.

Step 4 – Configure Postfix
Now edit POSTFIX configuration file /etc/postfix/ and add following values at the end of file
smtpd_milters = inet: non_smtpd_milters = $smtpd_milters milter_default_action = accept
finally start DKIM service using following command
$ service opendkim start
Step 5 – Configure DNS Entry

After configuring private key in postfix server. there will be another file /etc/opendkim/keys/> generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt. In my case this is like below.

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; s=email; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdTtEqM8FqndiFYOderzljMMMqBdEp+wJKP+VUbhc9GigmK34ZjrSqqdKjIEWr2q9DvSVp1H1bZs4t050m0HZxJqknDz2yoDJ6W4mCaSCHesRde5V44V/L65Gqm/rvBz1d6CCp8A2515eveWrIAocOD6pKJ4tnXHz3uwV2ZtgQiQIDAQAB" )  ; ----- DKIM key default for
Step 6 – Verify DKIM

To verify that DKIM is working properly. Let’s send a test email through command line

$ mail -vs “Test DKIM” [email protected] < /dev/null

In the received email in our mailbox, open the source of the email and search for “DKIM-Signature”. You will find something like below

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;
s=default.private; t=1402388786;



How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?


Comments are closed.