What Is DKIM?
DomainKeys Identified Mail (DKIM) is an email authentication method that digitally signs outgoing messages. Receiving servers verify the signature against a public key published in DNS, confirming the message was not tampered with in transit.
Install OpenDKIM
sudo apt update && sudo apt install -y opendkim opendkim-tools
Generate a Key Pair
sudo mkdir -p /etc/opendkim/keys/example.com
sudo opendkim-genkey -b 2048 -d example.com -D /etc/opendkim/keys/example.com -s mail -v
sudo chown -R opendkim:opendkim /etc/opendkim/keys/
Configure OpenDKIM
Edit /etc/opendkim.conf:
AutoRestart Yes
AutoRestartRate 10/1h
Mode sv
Canonicalization relaxed/simple
SignatureAlgorithm rsa-sha256
KeyTable /etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
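InternalHosts /etc/opendkim/trusted.hosts
# Listen where Postfix's smtpd_milters setting points (replace any existing Socket line)
Socket inet:8891@localhost
Create Mapping Files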
Key table (/etc/opendkim/key.table):
mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
Signing table (/etc/opendkim/signing.table):
*@example.com mail._domainkey.example.com
Trusted hosts (/etc/opendkim/trusted.hosts):
127.0.0.1
localhost
example.com
Connect to Postfix
Add to /etc/postfix/main.cf:
milter_protocol = 6
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Publish the DNS Record
Display the public key:
cat /etc/opendkim/keys/example.com/mail.txt
Create a TXT record named mail._domainkey.example.com with the displayed value. After DNS propagation, test with:
opendkim-testkey -d example.com -s mail -vvv
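The mail.txt file is written in zone-file form, with the record split across several quoted strings, and a wrongly joined value is a common reason the test above fails. The following Python check is an added example, not part of OpenDKIM or the original page: it joins the quoted strings into the single TXT value, validates the tags, and reads the RSA key size from the p= data. The function names and the 2048-bit threshold (taken from the -b 2048 option used above) are assumptions.

```python
import base64
import re

MIN_BITS = 2048  # assumption: matches the -b 2048 passed to opendkim-genkey


def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def rsa_modulus_bits(der):
    """Walk SubjectPublicKeyInfo down to the RSA modulus and return its size."""
    _, start, _ = tlv(der, 0)          # outer SEQUENCE
    _, _, alg_end = tlv(der, start)    # AlgorithmIdentifier (skipped)
    tag, start, _ = tlv(der, alg_end)  # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo structure")
    _, start, _ = tlv(der, start + 1)  # +1 skips the unused-bits byte
    _, start, end = tlv(der, start)    # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()


def check_record(zone_text):
    """Validate mail.txt content in the zone-file form opendkim-genkey writes."""
    chunks = re.findall(r'"([^"]*)"', zone_text)
    # A single DNS character-string holds at most 255 bytes.
    problems = [f"chunk {i} exceeds 255 bytes" for i, c in enumerate(chunks) if len(c) > 255]
    tags = {}
    for part in "".join(chunks).split(";"):
        name, _, value = part.partition("=")
        if name.strip():
            tags[name.strip()] = re.sub(r"\s+", "", value)
    for tag, want in (("v", "DKIM1"), ("k", "rsa")):
        if tags.get(tag, want) != want:
            problems.append(f"{tag}= must be {want}")
    bits = 0
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
        if bits < MIN_BITS:
            problems.append(f"{bits}-bit key is below {MIN_BITS}")
    except (KeyError, ValueError, IndexError):
        problems.append("p= is missing, empty or not a base64 RSA public key")
    value = "; ".join(f"{k}={v}" for k, v in tags.items())
    return {"value": value, "bits": bits, "problems": problems}
```

Pass the contents of mail.txt to check_record(); the returned "value" is the joined string to publish, and an empty "problems" list means the record parsed cleanly.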