Setup DKIM (DomainKeys) with Postfix on Ubuntu & Debian

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators.In technical terms, DKIM is a 

technique to authorize a domain to associate its name to an email message through cryptographic authentication.

Step 1: Install opendkim Package

First we need to install opendkim and opendkim-tools packages using following command.
$ sudo apt-get install opendkim opendkim-tools

Step 2: Generate Key Pair

Now create DKIM key pair using opendkim-genkey command line utility. For this tutorial we are using domain name “”, Change this name with your actual domain name.
$ mkdir -p /etc/mail/dkim-keys/$MYDOMAIN
$ cd /etc/mail/dkim-keys/$MYDOMAIN
$ opendkim-genkey -t -s mail -d $MYDOMAIN

Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Step 3: Configure DKIM and POSTFIX

First edit the domain keys lists setting file /etc/mail/dkim.key and add following entry.
Edit DKIM configuration file /etc/opendkim.conf and update below values in configuration file.
KeyFile            /etc/mail/dkim.key
Selector           mail
Socket    inet:8892@localhost
Now edit POSTFIX configuration file /etc/postfix/ and add following values at the end of file
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892

Step 4: Configure DNS Entry

After configuring private key in postfix server. there will be another filedefault.txt generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt.
mail._domainkey.hackthesec.coin IN TXT "v=DKIM1; k=rsa; p=IOIIGfBGGCSqGSIb3DEFGAQUAA4GNHDCBiQKBgRG6RY5DLhAbbrqcwgyBaC
XHYcS4o3uIOV7jICVOJLiYW5wjYLvWpPoraQzQE1Npjlsx2T5QIDAQAB" ; ----- DKIM key default for

Step 5: Restart Service

After making all above configuration’s restart dkim and postfix services
$ sudo service opendkim restart
$ sudo service postfix restart

Step 6: Verify DKIM

And you have all done. Let’s verify that DKIM is working properly. Let’s send a test email through command line
$ mail -vs "Test DKIM" < /dev/null
In received email in our mailbox, open the source of email and search for "DKIM-Signature". You will find some thing like below
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;
 s=default.private; t=1431284463;

About Author:

I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Newer Post
Older Post


Post a Comment