How to install DKIM with OpenDKIM and Postfix on CentOS 7

Hello, today we install DKIM on CentOS 7 with Postfix.

# yum install opendkim

The next step is to configure OpenDKIM.

# cp /etc/opendkim.conf /etc/opendkim.conf.orig
# vim /etc/opendkim.conf

Options should be like this:

PidFile    /var/run/opendkim/opendkim.pid
Mode    sv
Syslog    yes
SyslogSuccess    yes
LogWhy    yes
UserID    opendkim:opendkim
Socket    inet:8891@localhost
Umask    002
Canonicalization    relaxed/relaxed
Selector    default
MinimumKeyBits 1024
KeyTable    refile:/etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
ExternalIgnoreList    refile:/etc/opendkim/TrustedHosts
InternalHosts    refile:/etc/opendkim/TrustedHosts

Next, we have to edit /etc/opendkim/TrustedHosts:

# vim /etc/opendkim/TrustedHosts

127.0.0.1
::1
mail.ceae.info

Now we edit /etc/opendkim/KeyTable:

# vim /etc/opendkim/KeyTable

default._domainkey.ceae.info ceae.info:default:/etc/opendkim/keys/ceae.info.private

OpenDKIM now needs to know the relation between mail addresses and domains, so we configure the SigningTable file.

# vim /etc/opendkim/SigningTable

*@ceae.info default._domainkey.ceae.info

Now we generate one key pair for each domain:

# cd /etc/opendkim/keys
# opendkim-genkey -D /etc/opendkim/keys/ -d ceae.info -s ceae.info

You will get:

[root@mail keys]# ls -l
total 8
-rw------- 1 root root 891 apr 25 22:02 ceae.info.private
-rw------- 1 root root 344 apr 25 22:02 ceae.info.txt

We have to change the owner of the private keys so that the opendkim user can read them.

[root@mail keys]# chown -R opendkim:opendkim /etc/opendkim/keys/

Restart OpenDKIM and enable it at boot:

# systemctl restart opendkim.service
# systemctl enable opendkim.service

Integrate OpenDKIM with Postfix:

# vim /etc/postfix/main.cf

and append these lines:

milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891

Finally, the most important step is to publish your public key in DNS.

# cat ceae.info.txt

default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh1hbzE5Ae83qLXL/DKAhTmOYXzLG3+RfdjG9nbv+zH/STABdYpU7kQKAs0M9X1bdIe8We8Bs//vKqqtgOB/j/jwcH+VMou3wBEULshzQK6qoBSb413qdGEnXIHUP3e9p4VttlebSp5w/3dLaOpNFNUMKz6Xb2Pa8xlxn5DgNrYQIDAQAB" ) ; ----- DKIM key ceae.info for ceae.info

Restart Postfix:

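# systemctl restart postfix.service

How do we test that it works? Query the record that was just published:

# dig default._domainkey.ceae.info TXT +short

P.S. In DNS the record must start with default._domainkey IN TXT ……, so that it matches the selector "default" used in KeyTable and SigningTable.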
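The check below is an added example, not part of the original post: it compares the name that the KeyTable entry makes the signer advertise with the owner name of a zone record, and reads the RSA key size out of the p= value. The function names are hypothetical, the KeyTable line and key are the ones shown above, and the record layout is assumed to be the one in ceae.info.txt.

```python
import base64
import re

# Constructed inputs: the KeyTable line and the p= value shown in the post.
KEYTABLE = "default._domainkey.ceae.info ceae.info:default:/etc/opendkim/keys/ceae.info.private"
P = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh1hbzE5Ae83qLXL/DKAhTmOYXzLG3+RfdjG9nbv+z"
     "H/STABdYpU7kQKAs0M9X1bdIe8We8Bs//vKqqtgOB/j/jwcH+VMou3wBEULshzQK6qoBSb413qdGEnXI"
     "HUP3e9p4VttlebSp5w/3dLaOpNFNUMKz6Xb2Pa8xlxn5DgNrYQIDAQAB")

def genkey_record(selector):  # zone line laid out like the post's ceae.info.txt
    return f'{selector}._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p={P}" ) ; ----- DKIM key'

def parse_record(zone_text, origin):
    """Return (fully qualified owner name, DKIM tag dict) for one TXT record."""
    owner = zone_text.split()[0]
    owner = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"
    txt = "".join(re.findall(r'"([^"]*)"', zone_text))   # join the quoted chunks
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    return owner, tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (value bytes, offset of next element)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low bits give the length size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(p_b64):
    """Modulus size of the RSA key in a p= tag (SubjectPublicKeyInfo, DER)."""
    spki, _ = _tlv(base64.b64decode(p_b64), 0)
    _, after_alg = _tlv(spki, 0)              # skip AlgorithmIdentifier
    bit_string, _ = _tlv(spki, after_alg)
    rsa_key, _ = _tlv(bit_string[1:], 0)      # drop the unused-bits byte
    modulus, _ = _tlv(rsa_key, 0)
    return int.from_bytes(modulus, "big").bit_length()

def check(keytable_line, zone_text, min_bits):
    """List mismatches between what the signer advertises and what DNS would serve."""
    domain, selector, _keyfile = keytable_line.split(None, 1)[1].strip().split(":", 2)
    wanted = f"{selector}._domainkey.{domain}"    # name verifiers query (s= and d=)
    owner, tags = parse_record(zone_text, domain)
    problems = []
    if owner != wanted:
        problems.append(f"record is {owner}, signer advertises {wanted}")
    bits = rsa_bits(tags["p"])
    if bits < min_bits:
        problems.append(f"{bits}-bit key is below {min_bits}")
    return problems
```

Calling check(KEYTABLE, genkey_record("ceae.info"), 1024) reports the name mismatch that appears when the record is published under the selector passed to opendkim-genkey, while genkey_record("default") passes.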

9 thoughts on “How to install DKIM with OpenDKIM and Postfix on a CentOS 7”

  1. Nice write up, however the article doesn’t explain the reasoning behind any of the steps. I find this really helps overall understanding of the explained steps and why something is happening as opposed to it should just be this.

    1. The reason for this post is just to show the steps! Why? You have to learn or ask in a comment!

  2. Nice!
    I am wondering how to reject messages with no signature – per domain. For example, I am signing mails from mydomain.org so I need the DKIM validation to fail if the message claims to be from mydomain.org, but has no signature.
    Does anyone know?

  3. There is something wrong in your public key example. The selector is not default when you generated the keys, it was ceae.info
    Instead of:
    default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIGfMA….DAQAB" ) ; ----- DKIM key ceae.info for ceae.info

    It should be
    ceae.info._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIGfMA….DAQAB" ) ; ----- DKIM key ceae.info for ceae.info

    1. You should also change the
      “dig ceae.info._domainkey.ceae.info TXT +short”
      to be coherent with
      “opendkim-genkey -D /etc/opendkim/keys/ -d ceae.info -s ceae.info”
      🙂
