Postfix/DKIM

This guide will show you how to configure Postfix to use DKIM and DomainKeys.

OpenDKIM
Install :

Set selector name to "mydkim" (without the quotes), select "[2] 1024 bits" for your key. Your key will be created now. Copy it now and we will paste it into your Bind file later.

Edit the following file. Defaults are fine except for the following.

Edit the following and note the port in the socket configuration

Now edit your bind configuration:

Now edit your Postfix configuration. The following is two separate lines. Your port may be different:

The maximum size for all txt records in a DNS cannot exceed 512 bytes. This means that you cannot use 1024 bit for both DKIM and DomainKeys. If you need to use both DKIM and DomainKeys you will have to choose one 1024 bit and the other one 512 bit so that it can fit in the 512 bytes.

DKIM
Install :

Set selector name to "mydkim" (without the quotes),select "[2] 1024 bits" for your key. Your key will be created now. Copy it now and we will paste it into your Bind file later.

Edit the following file. Defaults are fine except for the following:

Now edit your bind configuration:

Now edit your Postfix configuration. The following is two separate lines:

Domainkeys
Install :

Set selector name to "mydk" (without the quotes), select "[1] 512 bits" for your key. Your key will be created now. Copy it now and we will paste it into your Bind file later.

Edit the following file making sure to replace domain.tld with your domain. The v option below is to verify incoming mail. You can remove it if you don't want that feature.

Now edit your bind configuration. The following is two separate lines:

Now edit your Postfix configuration. The following is two separate lines. We just append the DomainKeys to the DKIM line:

Services
Start up all the services:

You may want to configure these services to start at boot:

That's it, you should now have DKIM and DomainKey signed emails.

Testing
You can test your Domainkey/DKIM setup by sending a blank email to check-auth@verifier.port25.com. You will receive an email within about 30 seconds letting you know if your Domainkey/DKIM passes the test.