Today we will write a small tutorial on how to implement DomainKeys Identified Mail (DKIM) for the domain example.com.
DKIM is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to come from a specific domain was indeed authorized by the owner of that domain.[1] It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam.

So lets start by installing the necessary tools that will be used in implantation and configurations of the DKIM System.
At this point we are imagining you have a fully running mail server, and what you need is to implement DKIM to sign your outgoing mails from your domain or several domains

After the successfull installation of the tools, we will add  postfix user to the opendkim group to have access to opendkim

Then edit the dkims configuration files to match our requirements
Edit the following file

and make sure the below lines matches the following settings for our domain example.com

The last line on the above configurations  “SOCKET inet:1234@localhost should be added to the file /etc/default/opendkim

Edit /etc/default/opendkim and add

at the end of the file write, save and exit the editor

At this point we need to add some lines to postfix main.cf file so that it knows there is opendkim installed and use the settings on it for signing of mails

Edit the file /etc/postfix/main.cf and add the below settings at the end of the file

Edit the file /etc/postfix/master.cf and append no_milters to the line receive_override_options  this is found mostly if your using content filters on your mailserver and it will look like the below mail

After that we are done with the configurations of the openDKIM with postfix, the remaining part is to generate the key and txt file to be included with our domain and dns

Lets Generate the .key and .private files using the opendkim command below

You will see two files as shown below

dkim.private  dkim.txt

Move the dkim.private file to /etc/postfix/ and assign it with the appropriate permision as shown below

After that, we will need to restart opendkim and postfix service to take effect of the changes we have made

Create the directory and create the file opendkim.sock

Edit /etc/opendkim.conf and add the below line

Edit /etc/default/opendkim  comment the default SOCKET and add the below line

Restart the respective services for the changes to take effect

The two files which were generated above using the opendkim-genkey commands contains the key and txt content which will be add onto our domain dns forward file

Copy the content on the .txt file and login onto your DNS management interface, if your using command prompt or web Control Pannel, Add the information as TXT on the DNS management

Save the changes and give sometimes for the domain changes to take effect on the internet, but still you can try to dig and see what is happennig

I hope the above command wont give you a proper feedback, because the domain example.com is just for testing purposes, you can try with a domain that is live like yahoo.com, gmail.com and see what results your getting,

Also if you want to see if your DKIM configuration is done proper and working on fine, I would suggest you send a mail to a Gmail account where they show a pardlock which indicates if the mail was encrypted of not from the sender side.

Many Many thanks and welcome for DKIMing, incase you face any issue, do not hesitate to drop us a comments and we will revert back to you soonest

 

Troubleshooting link if it wont work with the above basic configurations

Unix/StackExchange