When configuring a mail server, it is important that your mail does not land in the junk folder. Configuring DKIM will give you an extra point, and your mail will be validated. Every mail will be signed with a key to prove the authenticity of the mail server. I prefer working with CentOS since it is a rock-solid distro.

Notes: I presume that you already have a working Postfix installation. This tutorial is for CentOS 6; for other CentOS versions the procedure will be different.

Install the required libraries:
yum install sendmail-devel openssl-devel
Go to the following directory and download OpenDKIM:
cd /usr/local/src

Extract and configure the package:
tar zxvf opendkim-2.4.2.tar.gz
cd opendkim-2.4.2
./configure --sysconfdir=/etc --prefix=/usr/local --localstatedir=/var
make install

Create a new user called opendkim:
useradd -r -U -s /sbin/nologin opendkim
Create the working directories:
mkdir -p /etc/opendkim/keys
chown -R opendkim:opendkim /etc/opendkim
chmod -R go-wrx /etc/opendkim/keys

Copy the startup script to the /etc/init.d/ directory:
cp /usr/local/src/opendkim-2.4.2/contrib/init/redhat/opendkim /etc/init.d/
Set the correct permissions on the file:

chmod 755 /etc/init.d/opendkim

Next, generate the key used to sign outgoing email:

mkdir /etc/opendkim/keys/
/usr/local/bin/opendkim-genkey -D /etc/opendkim/keys/ -d -s default
chown -R opendkim:opendkim /etc/opendkim/keys/
mv /etc/opendkim/keys/ /etc/opendkim/keys/

After this step, create or edit the following files:

nano /etc/opendkim.conf

## opendkim.conf -- configuration file for OpenDKIM filter
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim

The second file:

nano /etc/opendkim/KeyTable

The third file:

nano /etc/opendkim/SigningTable

The fourth file:

nano /etc/opendkim/TrustedHosts

Once the files are set up correctly, edit the Postfix configuration so that outgoing emails are signed:

nano /etc/postfix/
smtpd_milters = inet:
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

After setup, run the following command to rehash your shell:

hash -r
Remove sendmail from the startup services so that it does not run at boot:

chkconfig --del sendmail

Start the opendkim service:

service opendkim start

You should see a message:

Starting OpenDKIM Milter: [ OK ]

Restart postfix:

/etc/init.d/postfix restart

If everything is OK, run the following command to start opendkim at server startup:

chkconfig --level 2345 opendkim on

To see whether it is working, run the following command for more details:

tail -f /var/log/maillog

In this file you will see the details of the failure or success of this configuration, which you can use to troubleshoot. If everything is OK, you need to add the generated key to the DNS record:

cat /etc/opendkim/keys/

The file output should be like this:

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+
R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4" ;
----- DKIM default for

Allow some hours for the DNS changes to propagate globally. If you run the command again
tail -f /var/log/maillog
you should see something like this:

opendkim[4397]: OpenDKIM Filter: mi_stop=1
opendkim[4397]: OpenDKIM Filter v2.4.2 terminating with status 0, errno = 0
opendkim[27444]: OpenDKIM Filter v2.4.2 starting (args: -x /etc/opendkim.conf)

opendkim[22254]: 53D0314803B: DKIM-Signature header added
If you need to test your configuration, send a test email at, you will see the DKIM result. Please be careful with the spaces in the DNS record; they can be a little problematic.
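
For the record printed above and the warning about spaces, an added example (not part of the original tutorial): a shell helper that joins the quoted strings of the generated record into the single TXT value to publish and checks it before it goes into DNS. The function names are hypothetical, the sample record with its `example.com` domain and `p=` value is a constructed placeholder, and treating any whitespace inside `p=` as an error is a conservative assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial. Function names are hypothetical.

# Constructed sample in the zone-file layout opendkim-genkey writes.
# example.com and the p= value are placeholders, not a real key.
sample_record() {
cat <<'EOF'
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
      "p=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=" )  ; ----- DKIM key default for example.com
EOF
}

# Join every quoted string of the record (stdin), in order, into one line.
# Line breaks are dropped first so a string wrapped across lines still joins.
dkim_txt_value() {
    tr -d '\n' | grep -o '"[^"]*"' | tr -d '"\n'
}

# Print the value of one tag (v, k, p, ...) from a flattened record.
dkim_tag() {
    printf '%s' "$1" | tr ';' '\n' | sed -n "s/^[[:space:]]*$2=//p" | head -n 1
}

# Return 0 when the flattened value looks publishable; otherwise print why.
dkim_check() {
    [ "$(dkim_tag "$1" v)" = "DKIM1" ] || { echo "v= tag is not DKIM1"; return 1; }
    _p=$(dkim_tag "$1" p)
    [ -n "$_p" ] || { echo "p= tag missing or empty"; return 1; }
    case $_p in
        *[[:space:]]*) echo "whitespace inside p="; return 1 ;;
    esac
    printf '%s' "$_p" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' ||
        { echo "p= is not base64"; return 1; }
    [ $(( ${#_p} % 4 )) -eq 0 ] ||
        { echo "p= length is not a multiple of 4 (truncated?)"; return 1; }
}

# Demo: print the value to paste into the DNS panel if it passes the checks.
value=$(sample_record | dkim_txt_value)
dkim_check "$value" && printf '%s\n' "$value"
```

To check a real key, pipe the record file that opendkim-genkey wrote into `dkim_txt_value` in place of `sample_record`.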

If you need to skip all of this, a faster solution can be to set up the server via Vesta.

Enjoy and happy mailing
