Installing and Configuring openDKIM on Debian

This guide will show you how to install and configure openDKIM on a Debian Squeeze VPS. DKIM is a signature/cryptography email authentication technology used to validate that a message was sent by an authorized source. DKIM allows an organization to take responsibility for transmitting a message, in a way that can be verified by a recipient. More information can be found at the official DKIM web site.

Install openDKIM

aptitude install opendkim

Create a new directory for your key

mkdir /etc/opendkim/keys/

Generate singing keys

opendkim-genkey -D /etc/opendkim/keys/ -d -s mail

The above command will create two files under the newly created directory – mail.private and mail.txt

Change the ownership to opendkim

chown -R opendkim:opendkim /etc/opendkim/keys/

Open the openDKIM configuration file /etc/opendkim.conf , delete everything and add the following

PidFile /var/run/opendkim/
Mode    sv
Syslog  yes
SyslogSuccess   yes
LogWhy  yes
UserID  opendkim:opendkim
Socket  inet:[email protected]
Umask   002
Canonicalization        relaxed/simple
Selector        mail
KeyFile /etc/opendkim/keys/
KeyTable        /etc/opendkim/KeyTable
SigningTable    /etc/opendkim/SigningTable

Open /etc/opendkim/KeyTable (list of keys available for signing) and add the following line

Open /etc/opendkim/SigningTable and add the following line

Open /etc/opendkim/TrustedHosts and add the following lines

Add the content of the /etc/opendkim/keys/ file to your DNS zone file

mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIG.......B58FQIDAQAB" ; ----- DKIM mail for

Open the postfix configuration file (/etc/postfix/ and add the following lines

smtpd_milters           = inet:
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol   = 2

Restart both openDKIM and postfix

/etc/init.d/opendkim restart
/etc/init.d/postfix restart

To check if everything works as expected send an email to [email protected] In a few seconds you will get an email as follows

Summary of Results
SPF check:          pass
DomainKeys check:   pass
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

The line “DKIM check: pass” means that you have successfully installed openDKIM on your sever.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.