Prerequisites
Before setting up DKIM, make sure you have:
- A domain name you control
- Postfix email server installed
- Root or sudo privileges
- Access to DNS management for your domain
Step 1: Install OpenDKIM
Connect to your VPS:
ssh hxroot@YOUR_SERVER_IP -p 22sudo apt install opendkim opendkim-tools -yStep 2: Create DKIM Keys
sudo mkdir -p /etc/opendkim/keys/example.com
cd /etc/opendkim/keys/example.com
sudo opendkim-genkey -D /etc/opendkim/keys/example.com -d example.com -s mail
sudo chown -R opendkim:opendkim /etc/opendkim/keys
sudo chmod 600 /etc/opendkim/keys/example.com/*mail is the selector name – you can choose any.
Step 3: Configure OpenDKIM
sudo nano /etc/opendkim.confEnsure these lines:
Domain example.com
KeyFile /etc/opendkim/keys/example.com/mail.private
Selector mail
Socket inet:8891@localhost
UserID opendkimCreate or edit /etc/default/opendkim:
RUNDIR=/run/opendkim
SOCKET="inet:8891@localhost"Step 4: Configure Postfix to Use OpenDKIM
sudo nano /etc/postfix/main.cfAdd:
# DKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891Step 5: Restart Services
sudo systemctl restart opendkim
sudo systemctl restart postfixStep 6: Get DKIM Public Key for DNS
sudo cat /etc/opendkim/keys/example.com/mail.txtCopy the TXT record value (everything after v=DKIM1;).
Step 7: Add DKIM Record in DNS
Create a TXT record for mail._domainkey.example.com with the value from step 6.
Example:
mail._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD..."Step 8: Verify DKIM
Test with:
sudo opendkim-testkey -d example.com -s mail -vvvSend a test email and check headers for DKIM-Signature and Authentication-Results: dkim=pass.
✅ DKIM configured. Your outgoing emails will be cryptographically signed.