How to configure OpenDKIM on Linux with Postfix and setup bind zonefile

This guide assumes you have a working Postfix server and want it to sign with DKIM.

There are a few things we  have to understand to make all of this work though, which require you to be familiar with DNS as well.

 

1.) Install OpenDKIM

apt install opendkim

systemctl enable opendkim

2.) Edit /etc/opendkim.conf

Syslog   yes
SyslogSuccess yes
Mode     sv
OmitHeaders .
Socket   inet:8891@localhost
Domain   yourdomain.com
KeyTable        /etc/opendkim/KeyTable
SigningTable   refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts
UserID  opendkim:opendkim

3.) Create your first OpenDKIM Key for your domain

yourdomain=yourdomain.com

mkdir -p /etc/opendkim/keys/$yourdomain
cd /etc/opendkim/keys/$yourdomain
opendkim-genkey -r -d $yourdomain

4.) Configure KeyTable and SigningTable

 

#Add this line to /etc/opendkim/KeyTable

The "default" is what is called the selector, it could be nearly anything but we're calling it default here.  Be sure to change "yourdomain.com" to the actual domain you want DKIM signing for.

default._domainkey.yourdomain.com yourdomain.com:default:/etc/opendkim/keys/yourdomain.com/default.private

#Add this to line to /etc/opendkim/SigningTable

*@yourdomain.com default._domainkey.yourdomain.com

The * allows all e-mails from the domain to be signed, change it if this should not be the case.

Again, be sure you change yourdomain.com to your actual domain that you setup in the KeyTable in the previous step.

5.) Edit your Your DNS zonefile for yourname.com
 

Here's an example using bind/named:

#edit bind/named DNS entry for domain/zone

cat /etc/opendkim/keys/yourdomain.com/default.txt

Take the output of the above and then add it to your zonefile like below:

default._domainkey    IN    TXT    ( "v=DKIM1; k=rsa; s=email; "
      "p=blablabla" )  ; ----- DKIM key default for yourdomain.com


Be sure to change the blablabla to the output of /etc/opendkim/keys/yourdomain.com/default.txt

_dmarc.yourdomain.com.      IN     TXT    "v=DMARC1; p=quarantine; rua=mailto:someaddress@yourdomain.com"
 

Be sure to change someaddress@yourdomain.com to a real address for your domain, you will receive DMARC reports to this address.

 

Set permissions to be sure:

chown -R opendkim.opendkim /etc/opendkim

5.) Enable OpenDKIM milter in Postfix

# edit /etc/postfix/main.cf
cp -a /etc/postfix/main.cf /etc/postfix/main.cf-`date +%Y%m%d-%s`
 

#edit /etc/postfix/main.cf

#enable dkim
smtpd_milters           = inet:127.0.0.1:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept

systemctl restart postfix

 


Tags:

configure, opendkim, linux, postfix, bind, zonefilethis, assumes, server, dkim, dns, install, apt, systemctl, enable, edit, etc, conf, syslog, syslogsuccess, mode, sv, omitheaders, socket, inet, localhost, domain, yourdomain, keytable, signingtable, refile, externalignorelist, trustedhosts, internalhosts, userid, mkdir, genkey, quot, default, selector, _domainkey, allows, mails, previous, zonefile, yourname, entry, txt, output, rsa, email, blablabla, _dmarc, dmarc, quarantine, rua, mailto, someaddress, permissions, chown, milter, cf, cp, smtpd_milters, non_smtpd_milters, milter_default_action, restart,

Latest Articles

  • How to resize a pdf without losing much quality in Linux Mint Ubuntu Debian Redhat Solution
  • qemu: could not load PC BIOS 'bios-256k.bin' solution
  • Proxmox How To Custom Partition During Install
  • Hyper-V Linux VM Boots to Black Screen, Storage, NIC Not Found Issues
  • Ubuntu Mint How to Fix Missing/Broken /dev and /dev/pts which causes terminal to immediately close exit and not work
  • How high can a Xeon CPU get?
  • bash fix PATH environment variable "command not found" solution
  • Ubuntu Linux Mint Debian Redhat Youtube Cannot Play HD or 4K videos, dropped frames or high CPU usage with Nvidia or AMD Driver
  • hostapd example configuration for high speed AC on 5GHz using WPA2
  • hostapd how to enable and use WPS to connect wireless devices like printers
  • Dell Server Workstation iDRAC Dead after Firmware Update Solution R720, R320, R730
  • Cloned VM/Server/Computer in Linux won't boot and goes to initramfs busybox Solution
  • How To Add Windows 7 8 10 11 to GRUB Boot List Dual Booting
  • How to configure OpenDKIM on Linux with Postfix and setup bind zonefile
  • Debian Ubuntu 10/11/12 Linux how to get tftpd-hpa server setup tutorial
  • efibootmgr: option requires an argument -- 'd' efibootmgr version 15 grub-install.real: error: efibootmgr failed to register the boot entry: Operation not permitted.
  • Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif
  • Linux Debian Mint Ubuntu Bridge br0 gets random IP
  • redis requirements
  • How to kill a docker swarm