Menu

How to Setup DomainKeys (DKIM) with Postfix on CentOS/RHEL 7/6

Written by , Updated on November 19, 2019

DKIM (DomainKeys Identified Mail) is a method of signing electronic emails using public-private key. DKIM is used by receiving mail server for identifying email, that they are sent by authorized mail servers. It also minimizes the possibility of getting emails SPAM.

This tutorial will provide you a quick and easy way to set up DomainKeys with your POSTFIX running on CentOS and RHEL systems.

dkim-domainkeys

How DKIM Works ?

When we configured DKIM on sending servers. First, we generated a public/private key pair for signing outgoing messages. The public key is configured as TXT record on a domains name server, and the private key is configured in the outbound email server. When an email is sent by an authorized user of the email server, the server uses the stored private key to generate a digital signature of the message, which is inserted in the message as a header, and the email is sent as normal.

Step 1 – Install DKIM-milter

First make sure you have enabled EPEL repository in your system. After that install dkim-milter package using following command.

yum install postfix opendkim

Step 2 – Generate Key Pair

Now create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package. For this tutorial we are using domain name “example.com”, Change this name with your actual names.

MYDOMAIN=example.com
mkdir -p /etc/opendkim/keys/$MYDOMAIN
cd /etc/opendkim/keys/$MYDOMAIN
opendkim-genkey -r -d $MYDOMAIN

Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Now set the proper permissions on Keys directory.

chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys

Step 3 – Configure OpenDKIM

Edit the Opendkim configuration file and Add/Update following entries in file.

vim /etc/opendkim.conf

Mode     sv
Socket   inet:[email protected]
Domain   example.com
#KeyFile        /etc/opendkim/keys/default.private  ### comment this line
KeyTable        /etc/opendkim/KeyTable
SigningTable   refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

Then edit the domain keys lists setting file /etc/opendkim/KeyTable and add following entry.

default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private

After that edit /etc/opendkim/SigningTable file and update following entry.

*@example.com default._domainkey.example.com

And edit /etc/opendkim/TrustedHosts file and update following entry.

mail.example.com
example.com

Step 4 – Configure Postfix

Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

finally start DKIM service using following command

service opendkim start

Step 5 – Configure DNS Entry

After configuring private key in postfix server. there will be another file /etc/opendkim/keys/example.com/default.txt/strong> generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt. In my case this is like below.

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; s=email; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdTtEqM8FqndiFYOderzljMMMqBdEp+wJKP+VUbhc9GigmK34ZjrSqqdKjIEWr2q9DvSVp1H1bZs4t050m0HZxJqknDz2yoDJ6W4mCaSCHesRde5V44V/L65Gqm/rvBz1d6CCp8A2515eveWrIAocOD6pKJ4tnXHz3uwV2ZtgQiQIDAQAB" )  ; ----- DKIM key default for example.com

Step 6 – Verify DKIM

To verify that DKIM is working properly. Let’s send a test email through command line

mail -vs "Test DKIM" [email protected] < /dev/null

In the received email in our mailbox, open the source of the email and search for "DKIM-Signature". You will find something like below

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
	s=default.private; t=1402388963;
	bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
	h=Date:From:Message-Id:To:Subject;
	b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
	 i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
	 mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=

Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

13 Comments

  1. Avatar William König Reply
    October 3, 2020 at 2:32 pm

    When I start opendkim service with “#service opendkim start” I get:
    Redirecting to /bin/systemctl start opendkim.service
    Job for opendkim.service failed because the control process exited with error code. See “systemctl status opendkim.service” and “journalctl -xe” for details.

    Can you please help me find my mistake?

    • Rahul Rahul Reply
      October 4, 2020 at 3:24 am

      Use “journalctl -xe” command to see detailed error message.

      • Avatar William Reply
        October 19, 2020 at 11:20 am

        it says:
        — Logs begin at Mi 2020-07-22 17:10:29 CEST. —
        Okt 19 13:05:01 hostname.com systemd[1]: opendkim.service: control process exited, code=exited status=78

        • Avatar William Reply
          October 19, 2020 at 11:22 am

          Okt 19 13:05:01 hostname.com systemd[1]: opendkim.service: control process exited, code=exited status=78
          Okt 19 13:05:01 hostname.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
          Okt 19 13:05:01 hostname.com systemd[1]: Unit opendkim.service entered failed state.
          Okt 19 13:05:01 hostname.com systemd[1]: opendkim.service failed.
          Okt 19 13:11:02 hostname.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter…
          Okt 19 13:11:02 hostname.com opendkim[14415]: opendkim: /etc/opendkim.conf: refile:/etc/opendkim/SigningTable: dkimf_db_open(): Error compiling regular expression
          Okt 19 13:11:02 hostname.com systemd[1]: opendkim.service: control process exited, code=exited status=78

  2. Avatar Akshay Shelke Reply
    May 18, 2020 at 7:34 am

    helpful,have implimented openDKIM for my banking client. Thanks Rahul.

  3. Avatar Andrew Reply
    December 23, 2019 at 6:13 pm

    Excellent tutorial, thank you! I had to add these two steps for SELinux enforcing systems to allow opendkim service to start (which requires policycoreutils-python-utils):

    1) grep opendkim /var/log/audit/audit.log | audit2allow -M dkimpol
    2) semodule -i dkimpol.pp

  4. Avatar Infra Reply
    November 25, 2019 at 9:54 am

    There is no data in my email source.
    Which part should I look for?

  5. Avatar Elkana Ajowi Reply
    November 17, 2019 at 7:01 am

    This tutorial works. The only addition needed is the instruction on how to give opendkim access to the key files. Without this, “opendkim[1160]: can’t load key from /etc/opendkim/keys/example.com/default.private: Permission denied” will be encountered. This can be remedied by:
    cd /
    chown -R opendkim:opendkim /etc/opendkim
    chmod go-rw /etc/opendkim/keys

    Thank you,
    Elkana Ajowi

  6. Avatar pupu Reply
    October 23, 2019 at 8:10 am

    Dkim-milter has been replaced by opendkim several years ago. I think this article has been re-cycled

  7. Avatar Asymp Reply
    September 4, 2019 at 1:23 pm

    There is no dkim-milter in epel yum repo. Has this procedure been tested? Thanks.

  8. Avatar Ashish Reply
    April 5, 2019 at 5:35 am

    Great man, its quite easily explained the steps to do the DKIM entry. Great Thanks

Leave a Reply

© 2013-2021 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy