1. I disagree with you regarding the need of DomainKeys: they are needed as long as Yahoo uses them. That’s why you got those questions about it over and over. Nice that you listened them.


    1. I appreciate the candor of your comment, Alex. Still, regardless of who chooses to use DomainKeys, until I see documentation (or empirical evidence from tests I run myself) that signing an outgoing message with both DomainKeys and DKIM even slightly increases the likelihood of deliverability vs. signing with only DKIM, I won’t be convinced. If you (or anyone else reading this) has links to such documentation, I’d appreciate the link so that I can adjust my opinion. :)


  2. Ah, is not really difficult to see an evidence – just send 20 emails to yahoo accounts and probably half of them arrives into spam boxes. Unfortunately not even DomainKeys will guarantee a good delivery when dealing with Yahoo. This is THE ONLY reason I would ever recommend DomainKeys.


    1. I find that sender reputation and feedback loop participation are key factors when delivering to Yahoo. But the biggest impact is from following their published postmaster guidelines and throttling your delivery attempts per connection to no more than 20. One of my businesses delivers 1MM+ email messages per month using Postfix and signed only with DKIM (along with proper SPF config), most of which go to Yahoo subscribers and we see excellent deliverability rates. But if DomainKeys works for you, then that’s great. :)

  3. Sooraj

    Hi Steve,
    This is a wonderful tutorial. I liked it very much.

    http://www.topdog-software.com/oss/dk-milter/dk-milter-1.0.2-1.i386.rpm is not available anymore and i couldn’t find any rpm else where. But, i came across with this :
    So, to install this rpm. first you need to build it and building requires “rpmbuild”.
    so you need to run `yum install rpmbuild` first
    Next run : `rpm -ivh dk-milter-1.0.0-0.src.rpm’.
    If this shows an error (it might in CentOS), just create a directory `/usr/src/redhat/SOURCES`.
    Then, navigate to “/usr/src/redhat/SPECS” directory.
    Next run, `rpmbuild -bb –target noarch dk-milter.spec`
    Then navigate to /usr/src/redhat/RPMS/noarch/, go for the final install here:
    `rpm -Uvh dk-milter-1.0.0-0.noarch.rpm`
    After this, one can continue from your Blog Post.

    Thanks again for this tutorial.

  4. cvlad

    Hi, Mr. Jenkins,
    When I was looking for a solution for my problem, I just found a thread here http://lists.opendkim.org/archive/opendkim/users/2011/03/0924.html, where you said you fixed a similar problem.
    My problem is that dkim is signing messages twice, and I kindly ask you to help me fix it, if you have the time.
    You could contact me by email, if it suits you.
    Thank you a lot,

      1. cvlad

        Thank you for the quick answer. I followed the no_milters tip. I tested and still have two signatures on email. I must say that dkim is not mentioned in my amavisd configuration, but is setup in postfix’s main.conf like this:

        milter_default_action = accept
        milter_protocol = 2
        smtpd_milters = inet:localhost:8891
        non_smtpd_milters = inet:localhost:8891

        Would be wiser to setup dkim inside amavis , instead ?


        1. I don’t like the DKIM signing in Amavis (it’s never as up-to-date with the DKIM specs as OpenDKIM is). If you’ve already done the no_milters step, post your issue on the OpenDKIM-users mailing list. I bet it’s solved within the day. :)


  5. this is really helpful. I have been struggling to send emails from my blog and some email hosts were rejecting the emails like crazy.

  6. Thomas

    hello Steve,
    I followed your tutorial about dkim and domain keys and I thank you. Everything works well after a lot of work: I added ‘MaximumSignedBytes 512′ in file ‘/etc/opendkim.conf’ to make it work also with long messages (problem found in yahoo) However, I cannot figure how to set the same option in dk-milter (/etc/sysconfig/dk-milter), which still does not work with long messages in yahoo, while with short it’s ok. Also, the suggested rpm ‘dk-milter-1.0.2-0.x86_64.rpm’ does not work with ‘CANON’ other than ‘simple’. — So at the time I get ‘domainkeys=fail (bad sig); …dkim=pass (ok)’ only with not short messages : any idea? thanks

  7. Daniel

    Hello Steve

    Just wondering if you can point me into the right direction to compile/install senderid-milter on a CentOS 6 64 bit system. The compilation dies at some point and I can’t find anything useful to fix the problem. I can’t find any RPM/SRPMs either … Thanks,



    1. Are you looking to verify SenderID for incoming mail in your MTA? You don’t need a milter to send. The sender does it all through DNS text records.

      1. Daniel

        You’re right, thanks Steve for clarifying the matter for me.



  8. Shutting down all DomainKeys milter (dk-filter): [FAILED]
    Cleanup for DomainKeys milter (dk-filter #0):
    Starting DomainKeys milter (dk-filter #0): dk-filter: smfi_opensocket() failed

  9. Muhammed Thaha K

    # service dk-milter start
    chgrp: cannot access `inet:10035@localhost': No such file or directory
    chmod: cannot access `inet:10035@localhost': No such file or directory


  10. hello
    Thanks for this tutorial, it’s work perfectly. i have installed DKIM and domainkey. but can you help me to edit DK-milter.conf to use list key and domains of DKIM.
    Note: i have setup multi keys,domains in DKIM

  11. Vijay

    Hello, My sincere thanks to Steve Jenkins for this tutorial
    and Sooraj’s comment on how to build RPM from source. Everything is
    working fine but i would like to know how do i sign multiple
    domains with dk-milter? Please find the compiled RPM
    -dk-milter-1.0.2-1.el6.i686.rpm , with the below link,


Leave a Reply