This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Installing OpenDKIM
Installing OpenDKIM
This guide will show you how to install and configure the OpenDKIM on your centos 6.5 and Ubuntu server. Before we start, I would just like to put out from the wiki what DKIM is. Just in case anyone doesn't know. Wrote:DomainKeys Identified Mail (DKIM) is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators. A digital signature included with the message can be validated by the recipient using the signer's public key published in the DNS.

First things first, we always need to ensure our system is up to date. So lets do that first. (This guide also assumes that you are not using the root account, that you are using another account, that can get root permissions.

sudo Yum update

sudo apt-get update

In CentOS you need to enable the Epel repo, if you haven't already. Just do the following.
sudo wget -P /tmp
sudo rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
sudo rm -f /tmp/epel-release-6-8.noarch.rpm

Once you have done that you are ready to install the OpenDKIM and its dependencies.
sudo yum install opendkim

sudo apt-get install opendkim opendkim-tools

Okay so now we are at the fun part Smile Configuring it and getting it all setup to run. So using your fav editor after your backup the default config, open OpenDKIM.conf found at /etc/opendkim.conf.

sudo vim /etc/opendkim.conf

Now once this is open, I found it a lot easier just to delete all the comments and that around it, as we have a backup we can always go there or the opendkim for information. So either delete everything in the .conf or you can change the settings to like I have below;

AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@localhost
PidFile                 /var/run/opendkim/
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

Great, not we need to set up our private and public keys, to do that we just do the following, and change the to the domain you are setting up the keys for. (If you have more domains you would like to sign, you can also do that here just repeat this step with the new domain.)

sudo mkdir /etc/opendkim/keys/
sudo opendkim-genkey -D /etc/opendkim/keys/ -d -s default
sudo chown -R opendkim: /etc/opendkim/keys/
sudo mv /etc/opendkim/keys/ /etc/opendkim/keys/

Okay so now we have to add this new key to the KeyTable. Again you will have to repeat this step depending on how many domains you are trying to set up with OpenDKIM. This file can be found at /etc/opendkim/KeyTable

sudo vi /etc/opendkim/KeyTable

Paste in the following;

Next we need to edit /etc/opendkim/SigningTable a new record in the DKIMsigning table. The * wildcards so that it will sign all emails coming from that domain, however if you only want some signed, you can change the * with the email account.


The * wildcards so that it will sign all emails coming from that domain, however if you only want some signed, you can change the * with the email account.
Code: # This would only sign the support email.

Great so now we need to add our hostname, localhost and the domain(s) we are going to have signing for in the trusted hosts file located at, /etc/opendkim/TrustedHosts

However before doing this, as I also had some issues with this and not getting OpenDKIM to work, and truly it was a very simple fix. Type in hostname in your terminal, which will provide you with the hostname of you server.

So go ahead and run
sudo vi /etc/opendkim/TrustedHosts

Make it look something like this.

Code: #This is your hostname.

Great almost finished now we just need to update some DNS. I use Cloudflare for my dns, you can use which ever you like or if your domain provider offers it, you can use theres. First we got to get the information we are going to be putting there, which would be found in /etc/opendkim/keys/

sudo vi /etc/opendkim/keys/

You should see something like the following;

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" )  ; ----- DKIM key default for

So now with this information we are going to make a new txt dns zone with the name default._domainkey and we are going to post the the following in the value.


Yours will totally be different so don't just copy and paste this one. Below is a screen shot of how mine looks.
[Image: Screen_Shot_2014_08_10_at_5_27_28_PM.png]

Okay so now we need to edit postfix and let it know that we have a new milter. Open /etc/postfix/ and paste the following;
smtpd_milters           = inet:
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol         = 2

Once that is done, you just have to restart the services.

sudo service opendkim start
sudo chkconfig opendkim on
sudo service postfix restart

Once that has beed restarted and everything is up and running you just have to test and ensure you are sending signed emails. Which you can do by emailing say a gmail account that you own, and looking at the headers, you should see something like mailed-by; signed-by:

Or you can simply email and you will get a email back with the information if it is signed, spam etc, in about 5-10 minutes.

You would get something like the following back;

This message is an automatic response from Port25's authentication verifier
service at The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at

Thank you for using the verifier,

The Port25 Solutions, Inc. team

Summary of Results
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham

Messages In This Thread
Installing OpenDKIM - by Jason.Kenyon - 08-10-2014, 11:59 PM
RE: Installing OpenDKIM - by motters - 08-11-2014, 07:16 AM
RE: Installing OpenDKIM - by HCGeek - 09-20-2014, 03:18 AM
RE: Installing OpenDKIM - by meakajon - 09-23-2014, 05:11 AM
RE: Installing OpenDKIM - by Me.B - 09-23-2014, 05:13 AM
RE: Installing OpenDKIM - by - 04-09-2015, 02:49 PM
RE: Installing OpenDKIM - by moridrin - 05-28-2015, 01:15 PM
RE: Installing OpenDKIM - by steve_nf - 10-13-2015, 06:35 AM
RE: Installing OpenDKIM - by xandersjale - 03-03-2016, 07:13 PM
RE: Installing OpenDKIM - by QuakeMedia - 05-21-2016, 03:12 AM
RE: Installing OpenDKIM - by xandersjale - 03-03-2016, 07:14 PM
RE: Installing OpenDKIM - by apinto - 03-03-2016, 07:34 PM
RE: Installing OpenDKIM - by Mazerunner04 - 04-16-2016, 11:05 PM
RE: Installing OpenDKIM - by Topcoder - 07-10-2016, 07:34 AM
RE: Installing OpenDKIM - by perte - 12-12-2017, 10:46 PM
RE: Installing OpenDKIM - by dormain - 05-04-2018, 08:01 AM
RE: Installing OpenDKIM - by Maljen - 07-10-2019, 11:18 PM

Possibly Related Threads...
Thread Author Replies Views Last Post
I need help installing sentora WolfCommunity 2 3 629 03-23-2016, 08:52 PM
Last Post: Waqass
after Installing Xbilling Not Able to Use spider 1 2 815 01-16-2016, 08:20 AM
Last Post: Jeroen

Forum Jump:

Users browsing this thread: 1 Guest(s)