Install DKIM

sudo apt-get update && sudo apt-get dist-upgrade
apt-get install opendkim opendkim-tools

Configure OpenDKIM

vi /etc/opendkim.conf
AutoRestart             Yes
AutoRestartRate         10/1h
SyslogSuccess           Yes
LogWhy                  Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:11025@localhost

Add OpenDKIM port to services

vi /etc/services
opendkim        11025/tcp

Create a system directory

mkdir -p /etc/opendkim/keys

Trusted hosts

vi /etc/opendkim/TrustedHosts


Key table

vi /etc/opendkim/KeyTable
mail._domainkey.domain.xx domain.xx:mail:/etc/opendkim/keys/domain.xx/mail.private
mail._domainkey.domain.yy domain.yy:mail:/etc/opendkim/keys/domain.yy/mail.private

Signing table

vi /etc/opendkim/SigningTable
*@domain.xx mail._domainkey.domain.xx
*@domain.yy mail._domainkey.domain.yy

Generate the keys

cd /etc/opendkim/keys

mkdir domain.xx
mkdir domain.yy
cd domain.xx
opendkim-genkey -s mail -d domain.xx

Change the owner of the private key

chown opendkim:opendkim mail.private

Configure nameserver

Just add the TXT record to your DNS as described in the public key (the file mail.txt)

cat mail.txt
mail._domainkey    IN    TXT    ( "v=DKIM1; k=rsa; "
      "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUmmgVQvIwAqEPBPebMs7MV3+FshNKg+WtCz4Uwei4bQyfaeZ+R/ZLguaw7QehTMLrLL9R5OwzL/YJto3SEKS8ET9Zt9f4wgE+SdIvdl9rtjw516x9WQ9hykBZTS7C4ZYAWJUPICUXOFRtjVOzZb7eI7B3KFugyKMwAcnVxr0cyQIDAQAB" )  ; ----- DKIM key mail for

Connect the milter to Postfix

vi /etc/default/opendkim

Configure postfix to use this milter

vi /etc/postfix/
milter_protocol = 2
milter_default_action = accept

smtpd_milters = inet:localhost:11025
non_smtpd_milters = inet:localhost:11025

Restart Postfix and OpenDKIM

service postfix restart && service opendkim restart

Congratulations! DKIM is now configured and running.

netstat -pat|grep "smtp\|opendkim"

tcp        0      0 localhost:opendkim      *:*                  LISTEN      29756/opendkim  
tcp        0      0 *:smtps                 *:*                  LISTEN      29734/master    
tcp        0      0 *:smtp                  *:*                  LISTEN      29734/master    
tcp6       0      0 [::]:smtps              [::]:*               LISTEN      29734/master    
tcp6       0      0 [::]:smtp               [::]:*               LISTEN      29734/master


Send a test email to where is the address where you want the report sent (

Navigate to, enter your domain followed by the selector and press DKIM lookup. In our example. the selector is mail.