How to Setup DomainKeys (DKIM) with Postfix on CentOS/RHEL 7/6

DKIM (DomainKeys Identified Mail) is a method of signing electronic emails using public-private key. DKIM is used by receiving mail server for identifying email, that they are sent by authorized mail servers. It also minimizes the possibility of getting emails SPAM.

This tutorial will provide you a quick and easy way to set up DomainKeys with your POSTFIX running on CentOS and RHEL systems.

How DKIM Works ?

When we configured DKIM on sending servers. First, we generated a public/private key pair for signing outgoing messages. The public key is configured as TXT record on a domains name server, and the private key is configured in the outbound email server. When an email is sent by an authorized user of the email server, the server uses the stored private key to generate a digital signature of the message, which is inserted in the message as a header, and the email is sent as normal.

Step 1 – Install DKIM-milter

First make sure you have enabled EPEL repository in your system. After that install dkim-milter package using following command.

yum --enablerepo=epel install dkim-milter

Step 2 – Generate Key Pair

Now create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package. For this tutorial we are using domain name “example.com”, Change this name with your actual names.

MYDOMAIN=example.com
mkdir -p /etc/mail/dkim-milter/keys/$MYDOMAIN
cd /etc/mail/dkim-milter/keys/$MYDOMAIN
dkim-genkey -r -d $MYDOMAIN

Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Step 3 – Configure DKIM with POSTFIX

First edit the domain keys lists setting file /etc/mail/dkim-milter/keys/keylist and add following entry.

*@example.com:example.com:/etc/mail/dkim-milter/keys/default.private

Edit DKIM configuration file /etc/mail/dkim-milter/dkim-filter.conf and update Socket configuration as below

Socket inet:[email protected]

Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892

finally start DKIM service using following command

/etc/init.d/dkim-milter start

Step 4 – Configure DNS Entry

After configuring private key in postfix server. there will be another file default.txt generated by dkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt. In my case this is like below.

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNHHZ5Wq8b
mpNTwzg+5wwwgKiYphgdRnngxS6Wd1lq9kQRh2OxzOH4kW1gsPe8UA396e9zaXjGlSzbIkeHEt86JzuS+fg+utLrVtIH6gLXJg
xppBjCMhLy95oBLrG9M3rqGtrzHgVclANnYdfGs3Tg6r+RnS7GHW3YqW+7tr45YQIDAQAB" ; ----- DKIM default for example.com

Step 5 – Verify DKIM

To verify that DKIM is working properly. Let’s send a test email through command line

mail -vs "Test DKIM" [email protected] < /dev/null

In the received email in our mailbox, open the source of the email and search for "DKIM-Signature". You will find something like below

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=default.private; t=1402388963;
	bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
	h=Date:From:Message-Id:To:Subject;
	b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
	 i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
	 mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=