How to install DKIM with OpenDKIM and Postfix on a CentOS 7

Hello, today we install DKIM on CentOS 7 with Postfix.

# yum install opendkim

The next step is to configure OpenDKIM.

# cp /etc/opendkim.conf /etc/opendkim.conf.orig
# vim /etc/opendkim.conf

The options should look like this:

PidFile    /var/run/opendkim/
Mode    sv
Syslog    yes
SyslogSuccess    yes
LogWhy    yes
UserID    opendkim:opendkim
Socket    inet:8891@localhost
Umask    002
Canonicalization    relaxed/relaxed
Selector    default
MinimumKeyBits 1024
KeyTable    refile:/etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
ExternalIgnoreList    refile:/etc/opendkim/TrustedHosts
InternalHosts    refile:/etc/opendkim/TrustedHosts

Next, we have to edit /etc/opendkim/TrustedHosts:

# vim /etc/opendkim/TrustedHosts

Now we edit /etc/opendkim/KeyTable

vim /etc/opendkim/KeyTable

OpenDKIM now needs to know the relation between mail addresses and domains, so we should configure the SigningTable file.

vim /etc/opendkim/SigningTable


Now we generate one keypair for each domain

cd /etc/opendkim/keys
opendkim-genkey -D /etc/opendkim/keys/ -d -s

You will get:

[root@mail keys]# ls -l
total 8
-rw------- 1 root root 891 apr 25 22:02
-rw------- 1 root root 344 apr 25 22:02

We have to change the owner of the private keys.

[root@mail keys]# chown -R opendkim:opendkim /etc/opendkim/keys/

Restart OpenDKIM and enable it at boot:

 systemctl restart opendkim.service
 systemctl enable opendkim.service

Integrate opendkim with postfix:

 vim /etc/postfix/

and append these lines:

milter_default_action = accept
smtpd_milters = inet:

Finally, the most important step is to publish your public keys in DNS.


default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh1hbzE5Ae83qLXL/DKAhTmOYXzLG3+RfdjG9nbv+zH/STABdYpU7kQKAs0M9X1bdIe8We8Bs//vKqqtgOB/j/jwcH+VMou3wBEULshzQK6qoBSb413qdGEnXIHUP3e9p4VttlebSp5w/3dLaOpNFNUMKz6Xb2Pa8xlxn5DgNrYQIDAQAB" ) ; ----- DKIM key for

Restart Postfix:

 systemctl restart postfix.service

How do we test that it works?

 dig TXT +short

P.S. In DNS the record starts with default._domainkey IN TXT ……
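A check to run alongside the dig test, as an added example that is not part of the original post: it joins the quoted strings of the TXT record, reads the tags, and measures the RSA modulus carried in p=. The record is the one shown on this page; the function names and the 2048-bit default (the size RFC 8301 says signers SHOULD use) are choices made for this example.

```python
import base64
import re

# TXT record as shown on this page, typed with plain ASCII quotes.
PAGE_RECORD = (
    'default._domainkey IN TXT ( "v=DKIM1; k=rsa; " '
    '"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh1hbzE5Ae83qLXL/DKAhTmOYXzLG3+Rfd'
    'jG9nbv+zH/STABdYpU7kQKAs0M9X1bdIe8We8Bs//vKqqtgOB/j/jwcH+VMou3wBEULshzQK'
    '6qoBSb413qdGEnXIHUP3e9p4VttlebSp5w/3dLaOpNFNUMKz6Xb2Pa8xlxn5DgNrYQIDAQAB" )'
)

def parse_dkim_txt(text):
    """Join the quoted TXT strings (zone file or dig output) into a tag dict."""
    joined = "".join(re.findall(r'"([^"]*)"', text)) or text
    tags = {}
    for part in joined.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(p_value):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA key (p= tag)."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = _read_tlv(der, 0)        # outer SEQUENCE
    _, _, pos = _read_tlv(spki, 0)        # AlgorithmIdentifier, skipped
    tag, bits, _ = _read_tlv(spki, pos)   # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = _read_tlv(bits[1:], 0)    # bits[0] is the unused-bits count
    _, modulus, _ = _read_tlv(rsa, 0)     # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def check_record(text, minimum_bits=2048):
    tags = parse_dkim_txt(text)
    if tags.get("v") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        return ["not a v=DKIM1 RSA key record"]
    if not tags.get("p"):
        return ["empty p= (key missing or revoked)"]
    bits = rsa_key_bits(tags["p"])
    return [f"RSA key is {bits} bits, below {minimum_bits}"] if bits < minimum_bits else []
```

check_record(PAGE_RECORD) reports a 1024-bit key, which satisfies the MinimumKeyBits 1024 setting above but not the 2048-bit default used here. opendkim-genkey accepts -b to choose the key size when generating a new pair.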

10 thoughts on “How to install DKIM with OpenDKIM and Postfix on a CentOS 7”

  1. Nice write up, however the article doesn’t explain the reasoning behind any of the steps. I find this really helps overall understanding of the explained steps and why something is happening as opposed to it should just be this.

    1. The reason for this post is just to show the steps! Why? You have to learn or ask in a comment!

  2. Nice!
    I am wondering how to reject messages with no signature – per domain. For example, I am signing mails from so I need the DKIM validation to fail if the message claims to be from, but has no signature.
    Does anyone know?

  3. There is something wrong in your public key example. The selector is not default when you generated the keys, it was
    Instead of:
    default._domainkey IN TXT ( “v=DKIM1; k=rsa; ”
    “p=MIGfMA….DAQAB” ) ; —– DKIM key for

    It should be IN TXT ( “v=DKIM1; k=rsa; ”
    “p=MIGfMA….DAQAB” ) ; —– DKIM key for

    1. You should also change the
      “dig TXT +short”
      to be coherent with
      “opendkim-genkey -D /etc/opendkim/keys/ -d -s”

  4. For CentOS 7.7, we had to add the following lines in the configuration to get it to work.
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = inet:
    non_smtpd_milters = $smtpd_milters
