DKIM installation on Debian


This is a quick and fairly painless way of setting up DKIM, on a postfix server. DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message and helps verify that your mail is legitimate. This will help your email not get flagged a spam or fraud, especially if you are doing bulk emailing or important emails.

This tutorial is written for debian, so if using centos the paths to some files may be /etc/mail prefix or similar.

First, install dkim-filters

Debian based

apt-get install dkim-filter

Redhat Based

Enable EPEL

yum install dkim-milter

Setup a domain key for a domain – feel free to setup a few of these if needed
mkdir -p /etc/dkim/keys/$DKIMDOMAIN
cd /etc/dkim/keys/$DKIMDOMAIN
dkim-genkey -r -d $DKIMDOMAIN

If you want an easy web based way check out which also gives you the DNS records.

Create a file /etc/dkim-keys.conf and insert into it a line like this (replacing '' with your own domain)


If you have problems, rename the default.private to just 'default' and use the website mentioned above to generate the keys. I found occasionally the command line generation failed on some distros .

If you used command line then check the file at /etc/dkim/keys/yourdomain/default.txt which will have something like this

default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0frgfrefgrweferNYlS+8jyrbAxNsghsPrWYgOQQWI0Ab4e9MT" ; —– DKIM default for

Yours should be much longer, this was snipped for brevity. You need to add the TXT record default._domainkey with the key between the quotes. If you are using standard bind then you can copy/paste that into the named file.

NOTE: Newer versions use default.private._domainkey

Another TXT record worth adding is

_domainkey IN TXT t=y;o=~;

Now look for and edit your /etc/dkim-filter.conf (Debian based distros may have this in /etc/dkim/dkim-filter.conf ).
You need to have 2 lines like this

KeyList /etc/dkim-keys.conf
Socket inet:8891@localhost

If you use debian you need to also edit /etc/default/dkim-filter and have the socket in there as SOCKET="inet:8891@localhost"

Then restart the DKIM filter

/etc/init.d/dkim-filter restart

Now add the following code into the postifx config. This goes into (/etc/postfix/ )

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Then of course restart postfix

postfix reload

This should now sign emails going out with the domain key, it pays to use this webpage to check things are working .



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.