Install and Configure openDKIM on Debian Squeeze

Installing and Configuring openDKIM on Debian

This guide will show you how to install and configure openDKIM on a Debian Squeeze VPS. DKIM is a signature/cryptography email authentication technology used to validate that a message was sent by an authorized source. DKIM allows an organization to take responsibility for transmitting a message, in a way that can be verified by a recipient. More information can be found at the official DKIM web site.

Install openDKIM

aptitude install opendkim

Create a new directory for your key

mkdir /etc/opendkim/keys/

Generate singing keys

opendkim-genkey -D /etc/opendkim/keys/ -d -s mail

The above command will create two files under the newly created directory – mail.private and mail.txt

Change the ownership to opendkim

chown -R opendkim:opendkim /etc/opendkim/keys/

Open the openDKIM configuration file /etc/opendkim.conf , delete everything and add the following

PidFile /var/run/opendkim/
Mode    sv
Syslog  yes
SyslogSuccess   yes
LogWhy  yes
UserID  opendkim:opendkim
Socket  inet:8891@localhost
Umask   002
Canonicalization        relaxed/simple
Selector        mail
KeyFile /etc/opendkim/keys/
KeyTable        /etc/opendkim/KeyTable
SigningTable    /etc/opendkim/SigningTable

Open /etc/opendkim/KeyTable (list of keys available for signing) and add the following line

Open /etc/opendkim/SigningTable and add the following line

Open /etc/opendkim/TrustedHosts and add the following lines

Add the content of the /etc/opendkim/keys/ file to your DNS zone file

mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIG.......B58FQIDAQAB" ; ----- DKIM mail for

Open the postfix configuration file (/etc/postfix/ and add the following lines

smtpd_milters           = inet:
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol   = 2

Restart both openDKIM and postfix

/etc/init.d/opendkim restart
/etc/init.d/postfix restart

To check if everything works as expected send an email to In a few seconds you will get an email as follows

Summary of Results
SPF check:          pass
DomainKeys check:   pass
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

The line “DKIM check: pass” means that you have successfully installed openDKIM on your sever.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

How to install Known on a CentOS 7 VPS
How to install e107 CMS on Ubuntu 14.04
Install PHP-Fusion 7 on a CentOS 7 VPS
  • Simon


    Author Reply

    You add a private key here KeyFile /etc/opendkim/keys/,
    yet you then add multiple domain ( I have 27 domains for signing ) into other files. I suppose you are using the same key for signing all of your domains, which is a bit insecure ( or lazy ) :D

  • Daniel Sousa

    In Wheezy you also need to install the package opendkim-tools to have the command opendkim-genkey.

    I also recommend you change the 2nd command from
    $ mkdir /etc/opendkim/keys/
    $ mkdir -p /etc/opendkim/keys/
    because de dir /etc/opendkim (at least not in wheezy)

    Thank you very much for your blog post!