How to install and configure dkim with OpenDKIM and Exim on a CentOS 7 VPS

how-to-install-and-integrate-opendkim-with-postfix-on-a-centos-6-vpsIn this article we will walk you through the steps of installing and configuring dkim with OpenDKIM and Exim on a CentOS 7 SSD VPS.

You should have a working mail server setup with Exim before proceeding with this tutorial. Check our guide on how to set-up a mail server with Exim and Dovecot on a CentOS 7 VPS if you don’t have setup a mail server yet.

What is OpenDKIM?

OpenDKIM is an open source implementation of the DKIM (Domain Keys Identified Mail) sender authentication system which is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators. A digital signature included with the message can be validated by the recipient using the signer’s public key published in the DNS.



Before you start with the installation of OpenDKIM, ssh to your server and initiate a screen session using the command below:

## screen -U -S exim-opendkim

once you’re in a screen session, update your CentOS 7 VPS using yum as in:

## yum update



## yum install curl wget vim openssl man



OpenDKIM is available in the EPEL (Extra Packages for Enterprise Linux) repositry, so let’s enable EPEL repository on the CentOS VPS using:

## yum install

if you get a 404 not found, go at and install the latest epel-release rpm package available.

next, check if EPEL has been enabled on your system using:

## yum repolist



Once EPEL has been enabled on your linux server, install OpenDKIM using the command below:

## yum install opendkim

and proceed with configuring it by renaming its default configuration to something like /etc/opendkim.conf.orig and adding the following to /etc/opendkim.conf

## mv /etc/opendkim.conf{,.orig}
## vim /etc/opendkim.conf
AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@localhost
PidFile                 /var/run/opendkim/
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

To learn more about opendkim.conf you can check man opendkim.conf.



Now generate a set of keys for your domain name using the commands below:

## mkdir /etc/opendkim/keys/
## opendkim-genkey -D /etc/opendkim/keys/ -d -s default
## chown -R opendkim: /etc/opendkim/keys/
## mv /etc/opendkim/keys/ /etc/opendkim/keys/

once the keys are generated, add to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable

next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table:


and add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts:

assuming the domain in question is ‘’ and server’s hostname is set to ‘’

finally, edit your DNS zone and add the TXT record from /etc/opendkim/keys/

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" )  ; ----- DKIM key default for

you can verify if your dkim TXT record is valid using dig for example:

## dig +short TXT

"v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB"



Now set-up Exim to use OpenDKIM for signing the emails by editing /etc/exim/exim.conf and adding the following to the remote_smtp transport:

        driver = smtp
        dkim_domain = $sender_address_domain
        dkim_selector = default
        dkim_private_key = ${if exists{/etc/opendkim/keys/$sender_address_domain/default}{/etc/opendkim/keys/$sender_address_domain/default}{0}}
        dkim_canon = relaxed
        dkim_strict = 0

restart Exim and Opendkim for the changes to take effect using:

## systemctl restart exim
## systemctl status exim

## systemctl restart opendkim
## systemctl status opendkim
## systemctl enable opendkim



Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to install and configure OpenDKIM with Exim. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

How to Install osCommerce on a Linux VPS
How to Install PunBB on a Debian 8 VPS
How to Install OpenNMS on a Debian VPS
  • Jerry


    Author Reply

    I have done the above but exam says it can not read the private key file from /etc/opendkim/keys/domainname/default.

    Could it be that the permissions are wrong?

    • admin


      Author Reply

      Please post the output from: `ls -l /etc/opendkim/keys/domainname`