Install and Configure openDKIM on Debian Squeeze

Installing and Configuring openDKIM on Debian

This guide will show you how to install and configure openDKIM on a Debian Squeeze VPS. DKIM is a signature/cryptography email authentication technology used to validate that a message was sent by an authorized source. DKIM allows an organization to take responsibility for transmitting a message, in a way that can be verified by a recipient. More information can be found at the official DKIM web site.

Install openDKIM

aptitude install opendkim

Create a new directory for your key

mkdir /etc/opendkim/keys/your-domain.com

Generate singing keys

opendkim-genkey -D /etc/opendkim/keys/your-domain.com -d your-domain.com -s mail

The above command will create two files under the newly created directory – mail.private and mail.txt

Change the ownership to opendkim

chown -R opendkim:opendkim /etc/opendkim/keys/your-domain.com

Open the openDKIM configuration file /etc/opendkim.conf , delete everything and add the following

PidFile /var/run/opendkim/opendkim.pid
Mode    sv
Syslog  yes
SyslogSuccess   yes
LogWhy  yes
UserID  opendkim:opendkim
Socket  inet:8891@localhost
Umask   002
Canonicalization        relaxed/simple
Selector        mail
KeyFile /etc/opendkim/keys/your-domain.com/mail.private
KeyTable        /etc/opendkim/KeyTable
SigningTable    /etc/opendkim/SigningTable

Open /etc/opendkim/KeyTable (list of keys available for signing) and add the following line

mail._domainkey.your-domain.com your-domain.com:mail:/etc/opendkim/keys/your-domain.com/mail.private

Open /etc/opendkim/SigningTable and add the following line

your-domain.com mail._domainkey.your-domain.com

Open /etc/opendkim/TrustedHosts and add the following lines

Add the content of the /etc/opendkim/keys/your-domain.com/mail.txt file to your DNS zone file

mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIG.......B58FQIDAQAB" ; ----- DKIM mail for your-domain.com

Open the postfix configuration file (/etc/postfix/main.cf) and add the following lines

smtpd_milters           = inet:
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol   = 2

Restart both openDKIM and postfix

/etc/init.d/opendkim restart
/etc/init.d/postfix restart

To check if everything works as expected send an email to check-auth@verifier.port25.com. In a few seconds you will get an email as follows

Summary of Results
SPF check:          pass
DomainKeys check:   pass
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

The line “DKIM check: pass” means that you have successfully installed openDKIM on your sever.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

admin :

View Comments (2)

  • You add a private key here KeyFile /etc/opendkim/keys/your-domain.com/mail.private,
    yet you then add multiple domain ( I have 27 domains for signing ) into other files. I suppose you are using the same key for signing all of your domains, which is a bit insecure ( or lazy ) :D

  • In Wheezy you also need to install the package opendkim-tools to have the command opendkim-genkey.

    I also recommend you change the 2nd command from
    $ mkdir /etc/opendkim/keys/your-domain.com
    $ mkdir -p /etc/opendkim/keys/your-domain.com
    because de dir /etc/opendkim (at least not in wheezy)

    Thank you very much for your blog post!


GDPR Compliance

By using this web site you agree to our privacy policy as shown at https://www.rosehosting.com/priv.html

Privacy Settings

This website uses cookies.