How To Install and Configure DKIM with Postfix on Ubuntu Xenial 16.04 LTS

Used this tutorial:

It has a bug, so this is with the correction for me. In this tutorial, replace with your domain and use your personal Gmail email address.

Update the system before installing DKIM:

sudo apt-get update
sudo apt-get dist-upgrade

Install OpenDKIM and its dependencies:

sudo apt-get install opendkim opendkim-tools

Let’s start with the main configuration file:

sudo joe /etc/opendkim.conf

It should have this content:

root@condor1796 /etc # cat opendkim.conf
OversignHeaders		From
TrustAnchorFile /usr/share/dns/root.key

AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes

Canonicalization relaxed/simple

ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

Mode sv
PidFile /var/run/opendkim/
SignatureAlgorithm rsa-sha256

UserID opendkim:opendkim

Socket inet:12301@localhost
SignHeaders From,Sender,To,CC,Subject,Message-Id,Date,List-Unsubscribe,List-Unsubscribe-Post

Connect the milter to Postfix:

sudo nano /etc/default/opendkim

Add the following line, edit the port number only if a custom one is used:

Configure Postfix to use this milter and limit the number of transactions per domain:

sudo nano /etc/postfix/

Add this content:

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10

Create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:

sudo mkdir /etc/opendkim 
sudo mkdir /etc/opendkim/keys

Specify trusted hosts:

sudo nano /etc/opendkim/TrustedHosts

Create a key table:

sudo nano /etc/opendkim/KeyTable

A key table contains each selector/domain pair and the path to their private key.

Create a signing table:

sudo nano /etc/opendkim/SigningTable

This file is used for declaring the domains/email addresses and their selectors.
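
As an added example (not part of the original post), this Python script parses a KeyTable and a SigningTable in OpenDKIM's `domain:selector:keypath` and wildcard-pattern formats and shows which key, if any, signs mail from a given sender. The table contents use the placeholder domains example.com and example.org and are constructed for illustration; the function names are hypothetical.

```python
import re

# Constructed sample tables; example.com / example.org are placeholders.
# KeyTable line:     <key-name>  <domain>:<selector>:<private-key-path>
KEY_TABLE = """\
mail._domainkey.example.com  example.com:mail:/etc/opendkim/keys/example.com/mail.private
"""
# SigningTable line: <sender pattern, * is a wildcard with refile:>  <key-name>
SIGNING_TABLE = """\
*@example.com  mail._domainkey.example.com
*@example.org  mail._domainkey.example.org
"""

def _rows(text):
    """Yield (first field, rest) for each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            left, right = line.split(None, 1)
            yield left, right.strip()

def parse_key_table(text):
    """Map key-name -> {domain, selector, keyfile}."""
    keys = {}
    for name, value in _rows(text):
        domain, selector, keyfile = value.split(":", 2)
        keys[name] = {"domain": domain, "selector": selector, "keyfile": keyfile}
    return keys

def resolve(sender, signing_text, keys):
    """Return the key entry that signs mail from `sender`, or None if unsigned.
    Only the first matching pattern applies (OpenDKIM's default behaviour)."""
    for pattern, name in _rows(signing_text):
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, sender, re.IGNORECASE):
            entry = keys.get(name)
            if entry is None:
                # Dangling reference: the SigningTable names a key with no KeyTable line.
                raise LookupError(f"{name!r} is in SigningTable but not in KeyTable")
            # DNS name where the matching public key (TXT record) must be published.
            return dict(entry, dns=f"{entry['selector']}._domainkey.{entry['domain']}")
    return None

if __name__ == "__main__":
    keys = parse_key_table(KEY_TABLE)
    print(resolve("alice@example.com", SIGNING_TABLE, keys))
    print(resolve("carol@other.test", SIGNING_TABLE, keys))  # None: left unsigned
```

The example.org line is deliberately left without a KeyTable entry, so resolving a sender in that domain raises an error instead of silently returning nothing.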


Generate the public and private keys

Change to the keys directory:

cd /etc/opendkim/keys

Create a separate folder for the domain to hold the keys:

sudo mkdir

Generate the keys:

sudo opendkim-genkey -s mail -d

-s specifies the selector and -d the domain. This command creates two files: mail.private is our private key and mail.txt contains the public key.

Change the owner of the private key to opendkim:

sudo chown opendkim:opendkim mail.private

Use the mail.txt file to add a TXT DNS record for mail._domainkey

It should look like this:

root@condor1796 /etc #  dig TXT

Restart Postfix and OpenDKIM:

sudo service postfix restart
sudo service opendkim restart

Check now if this OpenDKIM config is working:

root@condor1796 /etc # sudo -u opendkim opendkim-testkey -vvvv 
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: record 0 for '' retrieved
opendkim-testkey: checking key ''
opendkim-testkey: key OK
opendkim-testkey: key not secure
opendkim-testkey: 1 key checked; 1 pass, 0 fail

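In this output, "key not secure" means the DNS answer for the key was not validated with DNSSEC; the key itself passed the check. If the OpenDKIM config is working, check its integration with Postfix by sending a mail to Gmail: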

mail -s "test subject" < /etc/opendkim.conf

That’s it. You should now see in the email source as received on Gmail:

