CentOS – Outbound emails not being signed with DKIM using Postfix on CentOS


I have been using PHPMailer for my emails and I had DKIM working correctly with this. I have a key mail._domainkey.domain.com. I have validated my past emails with http://www.mail-tester.com/ and I got 9.4 for the PHPMailer emails. I have set up Postfix and OpenDKIM. I have set them up to use the same keys I had already set up before, but I ran a test with mail sent from Postfix and it only got 9.0. It lost -1 for not having DKIM. I should be OK with a score like this to not get filtered by spam, but since I have DKIM set up and working in the past, I'd like to use it to get 10/10.

Is there a simple way that I can sign email with an existing private key file and a matching DNS entry? I'm using Roundcube as the client, but it doesn't look like it can be configured at this level.

I checked the source of the email that was sent to Gmail and there was no mention of DKIM in the data. (It still made it to the inbox, but I want to get this sorted anyway.)

Here is all the stuff I have configured to set this up:


mail._domainkey.domain.com domain.com :default:/etc/opendkim/keys/domain.com/default


AutoRestart             Yes
AutoRestartRate         10/1h
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
LogWhy                  Yes
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
SigningTable            refile:/etc/opendkim/SigningTable
Socket                  inet:8891@localhost
Syslog                  Yes
SyslogSuccess           Yes
TemporaryDirectory      /var/tmp
UMask                   022
UserID                  opendkim:opendkim


*@domain.com mail._domainkey.domain.com




Best Answer

You need to add opendkim as a milter to postfix.

Make sure these two lines are in postfix's main.cf:

milter_protocol = 2
milter_default_action = accept

Then add opendkim to your milters:

smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

I would also add localhost to the TrustedHosts file for opendkim since it's possible that postfix will connect to it over IPv6 (::1) instead of IPv4. Having localhost in the TrustedHosts file should be sufficient.

See: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy for some more details.
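
The following check is an added example, not code from the answer or from the Postfix or OpenDKIM projects. It parses OpenDKIM's `Socket` line and Postfix's milter parameters, which spell the same endpoint differently (`inet:8891@localhost` versus `inet:localhost:8891`), and reports which parameter does not point at the signer. The embedded configs are constructed samples, the function names are hypothetical, and it assumes inet sockets in the `inet:PORT@HOST` form with single-line main.cf parameters.

```python
import re

# Constructed samples mirroring the settings shown on this page.
OPENDKIM_CONF = """\
Mode                    sv
Socket                  inet:8891@localhost
KeyTable                refile:/etc/opendkim/KeyTable
"""
MAIN_CF = """\
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
"""

def opendkim_socket(conf):
    """Return (host, port) from OpenDKIM's 'Socket inet:PORT@HOST' line, else None."""
    for line in conf.splitlines():
        m = re.match(r"\s*Socket\s+inet:(\d+)@(\S+)\s*$", line)
        if m:
            return m.group(2).strip("[]").lower(), int(m.group(1))
    return None

def postfix_milters(main_cf, param):
    """Return the (host, port) inet milters listed in one main.cf parameter."""
    found = set()
    for line in main_cf.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == param:  # a later definition overrides an earlier one
            found = set()
            for item in re.split(r"[,\s]+", value.strip()):
                m = re.fullmatch(r"inet:(.+):(\d+)", item)
                if m:
                    found.add((m.group(1).strip("[]").lower(), int(m.group(2))))
    return found

def check(conf, main_cf):
    """List the problems that would leave outbound mail unsigned."""
    sock = opendkim_socket(conf)
    if sock is None:
        return ["opendkim.conf: no 'Socket inet:PORT@HOST' line found"]
    problems = []
    for param in ("smtpd_milters", "non_smtpd_milters"):
        # Hosts are compared literally: localhost and 127.0.0.1 count as different.
        if sock not in postfix_milters(main_cf, param):
            problems.append(f"main.cf: {param} does not list inet:{sock[0]}:{sock[1]}")
    return problems

if __name__ == "__main__":
    print(check(OPENDKIM_CONF, MAIN_CF) or "Postfix hands mail to the OpenDKIM socket")
```

An empty list means both SMTP-received mail and locally submitted mail are passed to the OpenDKIM socket; a missing `non_smtpd_milters` entry leaves locally submitted mail, such as mail sent through `sendmail`, unsigned.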