Install and integrate DKIM with OpenDKIM and Postfix on a CentOS

In this article we are going to see  the steps of installing and configuring dkim with OpenDKIM  on a CentOS 7. I am showing some easy steps with pictures as well video tutorial tutorial to install and configure OpenDKIM. Lets learn something about OpenDKIM

What is OpenDKIM ?

OpenDKIM is an open source implementation of the DKIM (Domain Keys Identified Mail) sender authentication system which is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators. A digital signature included with the message can be validated by the recipient using the signer’s public key published in the DNS.

Steps to Install OpenDKIM

1. Update system and install required packages

# sudo yum update -y

# yum install curl wget vim openssl man


2. Enable EPEL Repository

OpenDKIM is available in EPEL ( Extra Packages for Enterprise Linux ) Repository. EPEL Repository can enable with this command

# yum install

We can check this repository is enabled in system by the following command

# yum repolist


3. Once you came to know EPEL Repository is enabled go ahead and install OpenDKIM

# yum install opendkim


4. Rename its default config file in etc/opendkim/ and proceed with adding new OpenDKIM Config file in the same directory with

# mv /etc/opendkim.conf{,.default}

# vi /etc/opendkim.conf


5. Adding below configuration in new opendkim.conf

AutoRestart Yes
AutoRestartRate 10/1h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/
UMask 022
UserID opendkim:opendkim
TemporaryDirectory /var/tmp

Configure Public / Private Keys

1. Generate keys for your Domain by the following commands

# mkdir /etc/opendkim/keys/

# opendkim-genkey -D /etc/opendkim/keys/ -d -s default

# chown -R opendkim: /etc/opendkim/keys/

# mv /etc/opendkim/keys/ /etc/opendkim/keys/


2. Once the key is generated successfully, add your domain in the following records

Edit  /etc/opendkim/KeyTable and add your domain name


3. next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table



4. also add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts


5. Start OpenDKIM and Enable the service on boot

# sudo systemctl start opendkim.service

# sudo systemctl enable opendkim.service


6. finally, edit your DNS zone and add the TXT record from /etc/opendkim/keys/ also



7. You should add an SPF record if you haven’t already 14400 IN TXT “v=spf1 a mx ~all


8. Verify your dkim TXT record is valid using dig for example

# dig +short TXT

Configure Postfix

1. To integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/

smtpd_milters = inet:
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2


2. Finally, Restart Services

Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands:

# systemctl restart opendkim.service

# systemctl restart postfix.service

Test The Setup

To test the set-up simply send an email to [email protected] and you should receive back an email containing something like this:

Summary of Results
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: pass

Video Tutorial


  1. Simply desire to say your article is as astounding. The clarity for your post is just great and that i
    can think you are knowledgeable in this subject. Well with your permission allow
    me to grab your RSS feed to keep updated with approaching post.
    Thank you 1,000,000 and please keep up the gratifying work.

  2. Hello,

    I followed the complete steps but I’m not able to get my emails DKIM is the result –

    Thank you for using the verifier,

    The Port25 Solutions, Inc. team

    Summary of Results
    SPF check: pass
    “iprev” check: pass
    DKIM check: none

1 Trackback / Pingback

  1. How to stop Email Spoofing - TechsBucket

Leave a Reply

Your email address will not be published.