This is a quick and fairly painless way of setting up DKIM, on a postfix server. DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message and helps verify that your mail is legitimate. This will help your email not get flagged a spam or fraud, especially if you are doing bulk emailing or important emails.
This tutorial is written for debian, so if using centos the paths to some files may be /etc/mail prefix or similar.
First, install dkim-filters
apt-get install dkim-filter
yum install dkim-milter
Setup a domain key for a domain – feel free to setup a few of these if needed
mkdir -p /etc/dkim/keys/$DKIMDOMAIN
dkim-genkey -r -d $DKIMDOMAIN
If you want an easy web based way check out http://www.socketlabs.com/services/dkwiz which also gives you the DNS records.
Create a file /etc/dkim-keys.conf and insert into it a line like this (replacing 'domain.com' with your own domain)
If you have problems, rename the default.private to just 'default' and use the website mentioned above to generate the keys. I found occasionally the command line generation failed on some distros .
If you used command line then check the file at /etc/dkim/keys/yourdomain/default.txt which will have something like this
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0frgfrefgrweferNYlS+8jyrbAxNsghsPrWYgOQQWI0Ab4e9MT" ; —– DKIM default for yourdomain.com
Yours should be much longer, this was snipped for brevity. You need to add the TXT record default._domainkey with the key between the quotes. If you are using standard bind then you can copy/paste that into the named file.
NOTE: Newer versions use default.private._domainkey
Another TXT record worth adding is
_domainkey IN TXT t=y;o=~;
Now look for and edit your /etc/dkim-filter.conf (Debian based distros may have this in /etc/dkim/dkim-filter.conf ).
You need to have 2 lines like this
If you use debian you need to also edit /etc/default/dkim-filter and have the socket in there as SOCKET="inet:8891@localhost"
Then restart the DKIM filter
Now add the following code into the postifx config. This goes into main.cf (/etc/postfix/main.cf )
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Then of course restart postfix
This should now sign emails going out with the domain key, it pays to use this webpage to check things are working http://www.brandonchecketts.com/emailtest.php .