DKIM installation on Debian Rumi, June 6, 2014 This is a quick and fairly painless way of setting up DKIM, on a postfix server. DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message and helps verify that your mail is legitimate. This will help your email not get flagged a spam or fraud, especially if you are doing bulk emailing or important emails. This tutorial is written for debian, so if using centos the paths to some files may be /etc/mail prefix or similar. First, install dkim-filters Debian based apt-get install dkim-filter Redhat Based Enable EPEL yum install dkim-milter Setup a domain key for a domain – feel free to setup a few of these if needed DKIMDOMAIN=yourdomain.com mkdir -p /etc/dkim/keys/$DKIMDOMAIN cd /etc/dkim/keys/$DKIMDOMAIN dkim-genkey -r -d $DKIMDOMAIN If you want an easy web based way check out http://www.socketlabs.com/services/dkwiz which also gives you the DNS records. Create a file /etc/dkim-keys.conf and insert into it a line like this (replacing 'domain.com' with your own domain) *@domain.com:domain.com:/etc/dkim/keys/domain.com/default.private If you have problems, rename the default.private to just 'default' and use the website mentioned above to generate the keys. I found occasionally the command line generation failed on some distros . If you used command line then check the file at /etc/dkim/keys/yourdomain/default.txt which will have something like this default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0frgfrefgrweferNYlS+8jyrbAxNsghsPrWYgOQQWI0Ab4e9MT" ; —– DKIM default for yourdomain.com Yours should be much longer, this was snipped for brevity. You need to add the TXT record default._domainkey with the key between the quotes. If you are using standard bind then you can copy/paste that into the named file. NOTE: Newer versions use default.private._domainkey Another TXT record worth adding is _domainkey IN TXT t=y;o=~; Now look for and edit your /etc/dkim-filter.conf (Debian based distros may have this in /etc/dkim/dkim-filter.conf ). You need to have 2 lines like this KeyList /etc/dkim-keys.conf Socket inet:8891@localhost If you use debian you need to also edit /etc/default/dkim-filter and have the socket in there as SOCKET="inet:8891@localhost" Then restart the DKIM filter /etc/init.d/dkim-filter restart Now add the following code into the postifx config. This goes into main.cf (/etc/postfix/main.cf ) milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 Then of course restart postfix postfix reload This should now sign emails going out with the domain key, it pays to use this webpage to check things are working http://www.brandonchecketts.com/emailtest.php . Resources: http://protodave.com/security/checking-your-dkim-dns-record/ http://www.port25.com/support/domainkeysdkim-wizard/ http://blogs.cisco.com/security/common_errors_causing_dkim_verification_failures/ http://blog.rimuhosting.com/2012/05/17/setting-up-domains-keys-dkim-on-postfix/ http://www.brandonchecketts.com/emailtest.php?email=UZgMB0ZNwZ%40www.brandonchecketts.com Configurations (Linux) DebianDKIMPostfix