How to Setup DKIM (DomainKeys) with Postfix on CentOS

Step 1 – Install DKIM-milter

First make sure you have enabled EPEL repository in your system.

CentOS 8:

$ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
$ dnf config-manager --set-enabled PowerTools

 

CentOS 7:

$ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

After that install dkim-milter package using following command.

$ yum install postfix opendkim

Step 2 – Generate Key Pair

Now create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package. For this tutorial we are using domain name “example.com”, Change this name with your actual names.

$ MYDOMAIN=example.com
$ mkdir -p /etc/opendkim/keys/$MYDOMAIN
$ cd /etc/opendkim/keys/$MYDOMAIN
$ opendkim-genkey -r -d $MYDOMAIN

Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Now set the proper permissions on Keys directory.

$ chown -R opendkim:opendkim /etc/opendkim
$ chmod go-rw /etc/opendkim/keys
Step 3 – Configure OpenDKIM

Edit the Opendkim configuration file and Add/Update following entries in file.

$ vim /etc/opendkim.conf

Mode     sv
Socket   inet:[email protected]
Domain   example.com
#KeyFile        /etc/opendkim/keys/default.private  ### comment this line
KeyTable        /etc/opendkim/KeyTable
SigningTable   refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

Then edit the domain keys lists setting file /etc/opendkim/KeyTable and add following entry.

default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private

After that edit /etc/opendkim/SigningTable file and update following entry.

*@example.com default._domainkey.example.com

And edit /etc/opendkim/TrustedHosts file and update following entry.

mail.example.com
example.com

Step 4 – Configure Postfix
Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file
smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept
finally start DKIM service using following command
$ service opendkim start
Step 5 – Configure DNS Entry

After configuring private key in postfix server. there will be another file /etc/opendkim/keys/example.com/default.txt/strong> generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt. In my case this is like below.

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; s=email; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdTtEqM8FqndiFYOderzljMMMqBdEp+wJKP+VUbhc9GigmK34ZjrSqqdKjIEWr2q9DvSVp1H1bZs4t050m0HZxJqknDz2yoDJ6W4mCaSCHesRde5V44V/L65Gqm/rvBz1d6CCp8A2515eveWrIAocOD6pKJ4tnXHz3uwV2ZtgQiQIDAQAB" )  ; ----- DKIM key default for example.com
Step 6 – Verify DKIM

To verify that DKIM is working properly. Let’s send a test email through command line

$ mail -vs “Test DKIM” [email protected] < /dev/null

In the received email in our mailbox, open the source of the email and search for “DKIM-Signature”. You will find something like below

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
s=default.private; t=1402388786;
bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
h=Date:From:Message-Id:To:Subject;
b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=

 

 

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?