Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Mail Services»How to Setup DomainKeys (DKIM) with Postfix on CentOS/RHEL 7/6

    How to Setup DomainKeys (DKIM) with Postfix on CentOS/RHEL 7/6

    By RahulJune 1, 20143 Mins ReadUpdated:December 19, 2022

    DKIM (DomainKeys Identified Mail) is a method of signing electronic emails using public-private key. DKIM is used by receiving mail server for identifying email, that they are sent by authorized mail servers. It also minimizes the possibility of getting emails SPAM.

    Advertisement

    This tutorial will provide you a quick and easy way to set up DomainKeys with your POSTFIX running on CentOS and RHEL systems.

    dkim-domainkeys

    How DKIM Works ?

    When we configured DKIM on sending servers. First, we generated a public/private key pair for signing outgoing messages. The public key is configured as TXT record on a domains name server, and the private key is configured in the outbound email server. When an email is sent by an authorized user of the email server, the server uses the stored private key to generate a digital signature of the message, which is inserted in the message as a header, and the email is sent as normal.

    Step 1 – Install DKIM-milter

    First make sure you have enabled EPEL repository in your system. After that install dkim-milter package using following command.

    yum install postfix opendkim
    

    Step 2 – Generate Key Pair

    Now create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package. For this tutorial we are using domain name “example.com”, Change this name with your actual names.

    MYDOMAIN=example.com
    mkdir -p /etc/opendkim/keys/$MYDOMAIN
    cd /etc/opendkim/keys/$MYDOMAIN
    opendkim-genkey -r -d $MYDOMAIN
    

    Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

    Now set the proper permissions on Keys directory.

    chown -R opendkim:opendkim /etc/opendkim
    chmod go-rw /etc/opendkim/keys
    

    Step 3 – Configure OpenDKIM

    Edit the Opendkim configuration file and Add/Update following entries in file.

    vim /etc/opendkim.conf
    
    Mode     sv
    Socket   inet:[email protected]
    Domain   example.com
    #KeyFile        /etc/opendkim/keys/default.private  ### comment this line
    KeyTable        /etc/opendkim/KeyTable
    SigningTable   refile:/etc/opendkim/SigningTable
    ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
    InternalHosts   refile:/etc/opendkim/TrustedHosts
    

    Then edit the domain keys lists setting file /etc/opendkim/KeyTable and add following entry.

    default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private
    

    After that edit /etc/opendkim/SigningTable file and update following entry.

    *@example.com default._domainkey.example.com
    

    And edit /etc/opendkim/TrustedHosts file and update following entry.

    mail.example.com
    example.com
    

    Step 4 – Configure Postfix

    Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file

    smtpd_milters = inet:127.0.0.1:8891
    non_smtpd_milters = $smtpd_milters
    milter_default_action = accept
    

    finally start DKIM service using following command

    service opendkim start
    

    Step 5 – Configure DNS Entry

    After configuring private key in postfix server. there will be another file /etc/opendkim/keys/example.com/default.txt/strong> generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt. In my case this is like below.

    default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; s=email; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdTtEqM8FqndiFYOderzljMMMqBdEp+wJKP+VUbhc9GigmK34ZjrSqqdKjIEWr2q9DvSVp1H1bZs4t050m0HZxJqknDz2yoDJ6W4mCaSCHesRde5V44V/L65Gqm/rvBz1d6CCp8A2515eveWrIAocOD6pKJ4tnXHz3uwV2ZtgQiQIDAQAB" )  ; ----- DKIM key default for example.com
    

    Step 6 – Verify DKIM

    To verify that DKIM is working properly. Let’s send a test email through command line

    mail -vs "Test DKIM" [email protected] < /dev/null
    

    In the received email in our mailbox, open the source of the email and search for "DKIM-Signature". You will find something like below

    DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
    	s=default.private; t=1402388963;
    	bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
    	h=Date:From:Message-Id:To:Subject;
    	b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
    	 i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
    	 mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=
    

    DKIM dkim-filter DKIM-Milter DomainKeys Mail Security
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    Postfix: Relay Email from SMTP based on From Address

    Postfix: Relay Outgoing Emails Based On Sender Address

    How to Setup DKIM (DomainKeys) with Postfix

    A Step-by-Step Guide to Installing OpenDKIM with Postfix on Ubuntu – Unleash the Power of DKIM!

    Installing Roundcube on Ubuntu

    How to Install Roundcube Webmail on Ubuntu 20.04

    View 15 Comments

    15 Comments

    1. Saeed on July 19, 2022 12:01 pm

      Hi
      your article solved my problem
      thanks

      Reply
    2. Darshan on November 4, 2021 10:53 pm

      Hi Rahul, Thanks for this article. When I test the emails its reporting under the Spam with the signature. Any advise?

      Reply
    3. William König on October 3, 2020 2:32 pm

      When I start opendkim service with “#service opendkim start” I get:
      Redirecting to /bin/systemctl start opendkim.service
      Job for opendkim.service failed because the control process exited with error code. See “systemctl status opendkim.service” and “journalctl -xe” for details.

      Can you please help me find my mistake?

      Reply
      • Rahul on October 4, 2020 3:24 am

        Use “journalctl -xe” command to see detailed error message.

        Reply
        • William on October 19, 2020 11:20 am

          it says:
          — Logs begin at Mi 2020-07-22 17:10:29 CEST. —
          Okt 19 13:05:01 hostname.com systemd[1]: opendkim.service: control process exited, code=exited status=78

          Reply
          • William on October 19, 2020 11:22 am

            Okt 19 13:05:01 hostname.com systemd[1]: opendkim.service: control process exited, code=exited status=78
            Okt 19 13:05:01 hostname.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
            Okt 19 13:05:01 hostname.com systemd[1]: Unit opendkim.service entered failed state.
            Okt 19 13:05:01 hostname.com systemd[1]: opendkim.service failed.
            Okt 19 13:11:02 hostname.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter…
            Okt 19 13:11:02 hostname.com opendkim[14415]: opendkim: /etc/opendkim.conf: refile:/etc/opendkim/SigningTable: dkimf_db_open(): Error compiling regular expression
            Okt 19 13:11:02 hostname.com systemd[1]: opendkim.service: control process exited, code=exited status=78

            Reply
    4. Akshay Shelke on May 18, 2020 7:34 am

      helpful,have implimented openDKIM for my banking client. Thanks Rahul.

      Reply
    5. Andrew on December 23, 2019 6:13 pm

      Excellent tutorial, thank you! I had to add these two steps for SELinux enforcing systems to allow opendkim service to start (which requires policycoreutils-python-utils):

      1) grep opendkim /var/log/audit/audit.log | audit2allow -M dkimpol
      2) semodule -i dkimpol.pp

      Reply
    6. Infra on November 25, 2019 9:54 am

      There is no data in my email source.
      Which part should I look for?

      Reply
    7. Elkana Ajowi on November 17, 2019 7:01 am

      This tutorial works. The only addition needed is the instruction on how to give opendkim access to the key files. Without this, “opendkim[1160]: can’t load key from /etc/opendkim/keys/example.com/default.private: Permission denied” will be encountered. This can be remedied by:
      cd /
      chown -R opendkim:opendkim /etc/opendkim
      chmod go-rw /etc/opendkim/keys

      Thank you,
      Elkana Ajowi

      Reply
      • Rahul on November 19, 2019 9:36 am

        Thanks Ajowi, I have updated tutorial to set proper permissions on files.

        Reply
    8. pupu on October 23, 2019 8:10 am

      Dkim-milter has been replaced by opendkim several years ago. I think this article has been re-cycled

      Reply
    9. Asymp on September 4, 2019 1:23 pm

      There is no dkim-milter in epel yum repo. Has this procedure been tested? Thanks.

      Reply
      • Sudesh Kantila on November 8, 2019 6:02 am

        This seems outdated. You may proceed to install opendkim instead.

        Reply
    10. Ashish on April 5, 2019 5:35 am

      Great man, its quite easily explained the steps to do the DKIM entry. Great Thanks

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • Error: EACCES: permission denied, scandir (Resolved)
    • How To Install Python 3.11 on Ubuntu 22.04 / 20.04
    • How to Install Python 3.11 on Amazon Linux 2
    • An Introduction to the “./configure” Command: Compiling Source Code in Linux
    • How to Install PHP 8.x on Pop!_OS
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.