115 Comments


  1. Bill

    Thanks for providing these RPMs, it makes it much easier to install than the previous method of building from source (which I’ve been using for a while). These are excellent instruction for getting it working but there’s one error and a question. You have this at the “Edit Configuration Files” section:

    /etc/opendkim/trusted-hosts

    and you then reference the following (in line 61 of the conf file):

    /etc/opendkim/TrustedHosts

    On line 64 of the conf file you reference the dataset with a preceding “refile:” to the file name. In line 52 where you mention the KeyTable you omit the “refile:”, is this a change to the conf file or have you just missed that from a couple of those lines?

    Once again, many thanks for your wok on this.

    Reply
    1. Bill

      Oops, typing error. My last line should have read:

      Once again, many thanks for your work on this.

      Reply

    2. Hi, Bill. Ah – that was a typo on my part. I used to recommend “trusted-hosts” but then switched to “TrustedHosts” to be consistent. I’ve updated the HowTo. Thanks for the catch!

      Reply

    3. And to answer your other quesiton, the refile: prefix is only necessary if you want to use the wildcard * symbol in your files (like I do in my SigningTable). A very early version of OpenDKIM used to support regular expressions, and the term was kept in for backward compatibility, even though it no longer technically supports regex (or needs to). I now throw the refile: prefix at all the files, because I’ve been stumped in the past when troubleshooting things that weren’t working as I expected, and didn’t notice that I’d missed the prefix. So now I always use it, and avoid the “DOH!” moments. :)

      Reply

  2. ethilanka

    Im getting following error when i try to run ” /usr/local/bin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default”

    -bash: /usr/local/bin/opendkim-genkey: No such file or directory

    Let me know which step i have missed…!

    Cheers…!

    Reply
      1. Robert

        My opendkim version is: 2.9.0
        I downloaded manual to my server and installed correctly.

        [root@DNS1 ~]# which opendkim-genkey
        /usr/bin/which: no opendkim-genkey in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
        [root@DNS1 ~]#

        Reply
  3. Eric

    Getting the error

    Oct 14 06:12:21 power opendkim[3408]: (unknown-jobid): no signing table match for ‘randy@somedomain.com’
    Oct 14 06:12:22 power opendkim[3408]: C5D7A7070447: no signature data

    *@somedomain.com default._domainkey.somedomain is in my SigningTable

    somedomain=my domain. I changed it as this is public and everbdoy can view it.

    Any ideas?

    Reply

    1. The “.com” is missing off your SigningTable line in this example, I’m assuming that’s in your actual signing table? Also, does your opendkim.conf file reference your SigningTable file with “file:” or “refile” in front of it? You need “refile” in order to use wildcards.

      Reply
      1. Eric

        Awesome! that appears to have fixed it however it appears in my mail log the signature is not being added.

        I went thew and double checked everything so what do you think is the issue?

        Reply

        1. There could be a lot of reasons. I’m assuming you followed the troubleshooting steps and set LogWhy to yes. If so, what does the log say is the reason for not signing?

          Reply
          1. Eric

            I did so and it still doesn’t Display it.

            Oct 14 06:34:19 power postfix/smtpd[3856]: connect from “CUT”
            Oct 14 06:34:19 power postfix/smtpd[3856]: 1EBD77070447: client=”CUT”, sasl_method=LOGIN, sasl_username=”CUT”
            Oct 14 06:34:19 power postfix/cleanup[3862]: 1EBD77070447: message-id=<5df0302115198ab862887b06d2d5e102@"CUT"
            Oct 14 06:34:19 power postfix/qmgr[3300]: 1EBD77070447: from="CUT", size=596, nrcpt=1 (queue active)
            Oct 14 06:34:19 power postfix/smtpd[3856]: disconnect from "CUT"
            Oct 14 06:34:19 power dovecot: IMAP("CUT"): Disconnected: Logged out

            You can see it's running tho

            Oct 14 06:33:35 power opendkim[3688]: OpenDKIM Filter: mi_stop=1
            Oct 14 06:33:35 power opendkim[3688]: OpenDKIM Filter v2.4.2 terminating with status 0, errno = 0
            Oct 14 06:33:36 power opendkim[3830]: OpenDKIM Filter v2.4.2 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)

            Boy am I’m stupid lol

            I overlooked changing mode v to mode sv and it works now!

            Thanks for your help!

  4. kan

    I used opendkim under CentOS-32 and worked fine without an issue.
    But I’m using opendkim under Centos-64 5.7, Postfix 2.3.3, opendkim 2.4.2 and I’m facing that Domain key =Failed.

    Yahoo check = PASS, Hotmail and Gmail=Fail
    brandonchecketts=Message does not contain a DomainKeys Signature
    Thank you

    Reply

    1. The results are accurate. DKIM is not the same as DomainKeys. DomainKeys is outdated, and replaced by DKIM, but Brandon’s tool allows you to check both. If Brandon’s site passes the DKIM check (again, different than a DomainKeys check), then you’re good to go.

      As an aside, you may want to consider upgrading your Postfix. I have a post here in my blog dedicated to building the latest version for CentOS and upgrading seamlessly.

      Reply
      1. Brad

        Doesn’t Yahoo still rely heavily on DomainKeys, though? Is it possible to use opendkim to sign with DomainKeys as well as DKIM? The code suggests it’s possible, but I’m not having much luck with configuring it.

        Reply
  5. JP

    In your notes about generating keys, you may want to note that /etc/rc.d/init.d/opendkim will automatically generate keys for the host domain upon initial startup unless this variable is changed in that file:
    Change
    AUTOCREATE_DKIM_KEYS=yes
    to
    AUTOCREATE_DKIM_KEYS=NO

    You do say this will happen, but this is how to prevent it from happening in case you are generating individual keys by following the steps after that.

    Reply

    1. Good point, JP. I did include that support in the spec file for the package, but didn’t mention it in this article. I’ll add it. :)

      Reply

  6. This script will come in handy especially if you have several domains to do. It generates the keys, then performs steps 2,3, and 4 of “Edit the configuration files”:


    #!/bin/sh

    domain=$1

    function makekey {
    domain=$1
    mkdir /etc/opendkim/keys/$domain
    /usr/bin/opendkim-genkey -D /etc/opendkim/keys/$domain/ -d $domain -s default
    chown -R opendkim:opendkim /etc/opendkim/keys/$domain
    mv /etc/opendkim/keys/$domain/default.private /etc/opendkim/keys/$domain/default
    }

    makekey $domain
    echo "default._domainkey.$domain $domain:default:/etc/opendkim/keys/$domain/default" >>/etc/opendkim/KeyTable
    echo "*@$domain default._domainkey.$domain" >> /etc/opendkim/SigningTable

    Reply
  7. Anshul

    Hi Steve,

    Thanks for your blog. I followed step by step process whatever you defined here. But I am getting error in my log file when I try to send mails.
    opendkim[13511]: KeyTable entry for ‘default._domainkey.my_domain.com’ corrupt

    Reply

    1. Based on the error message, it’s saying something is wrong with your KeyTable. Try recreating your KeyTable and be careful not to make any typos!

      Reply

  8. When I run:

    yum install opendkim

    I get this repsonse:

    Setting up Install Process
    No package opendkim available.
    Error: Nothing to do

    Reply

          1. Ah – I bet that’s it. :) Scroll back up and look for the link to the EPEL setup instructions in the paragraph just before the “yum install opendkim” step.


  9. I am getting pretty close. When I run:
    service opendkim start
    I get – configuration error at line 2: unrecognized parameter

    Line 2 is – PidFile /var/run/opendkim/opendkim.pid

    I looked in the /var/run/opendkim folder and there is no opendkim.pid file.

    Reply

  10. I still have two problems. For Umask 002 I am getting an Illegal value error.

    Then, when I try to start dkim, I get this error:

    : dkimf_db_open(): No such file or directoryndkim.conf: refile:/etc/opendkim/TrustedHosts

    Reply

    1. Hmm… I’ve never seen that Umask issue before, so I can only assume it’s related to something on RHEL6 – and I haven’t tested this on there yet. I’ll fire up a VM and test it out.

      However, the fact that you’re getting that error regarding the TrustedHosts file causes me to believe you’re missing some steps in the setup. In the “Edit the configuration files” step, it clearly states you have to create it. I’d re-read the instructions to make sure you’re not missing anything else.

      Reply

      1. I just fired up a vanilla CentOS 6 VM running Postfix 2.8.4, and then followed the instructions in this article exactly and got OpenDKIM running fine, so I’ve confirmed they work on EL6. My gut says you’re probably missing something simple in the instructions, so please go through them carefully. If you’re still having trouble, join the OpenDKIM-users mailing list and we can figure it out over there. :)

        Reply
    1. John Low

      Thanks Steve for this wonderful step-by-step guide.

      Hi Rick,

      I ran into the same issue as you.

      So, I commented out UMask and am now getting the error:
      : dkimf_db_open(): No such file or directoryndkim.conf: refile:/etc/opendkim/TrustedHosts

      Therefore, greatly appreciate if you can share the solution.

      Reply
        1. John Low

          Yes Sir. There are 3 files: KeyTable, SigningTable and TrustedHosts in the directory. There is also the keys subdirectory.

          There are 4 lines in the TrustedHosts:
          127.0.0.1
          localhost
          [our ip address]
          [our domain name]

          Reply

          1. Hmmm…. Come join the OpenDKIM-users email list and I know we can sort it out.

          2. John Low

            Hi Steve

            Tried to join the list but received this weird error email reply after I replied to the email “Subscription confirmation for ‘opendkim-users’‏”…

            >> �6�{��{�u&�� ]� �8��� 4�Z� �b���k�b� �� �vH�����:���g��,��h�f� �( �n7�
            >> �n�+� b�w( �� �b�w��)zwd�o� �������g��,��h�f� �(����z�^v�Z *.m�.n�+�
            >> ��^ ” ��z &j)b� b� ��� �� ��m��z r��a�ɞ�Ơ{�^j����^ �,j ����)�i���
            >>  ay�%��”� b �” ��j)m����k����l��^ ” �+������o���� � �vH������yh�����fj)�r���
            >> A�A
            Unknown command.

            Seems like it’s not gonna be my day… :(

          3. John Low

            Hi Steve

            Turns out that at least one of the files were corrupted. I recreated them and the errors are gone.

            Now, I’m able to receive email but nothing gets sent. Has this anything to do with DKIM?

            Thnx!


          4. OpenDKIM won’t prevent your mails from sending. Was your mail server functioning properly before trying to set up OpenDKIM?

          5. John Low

            You’re right Steve.

            Mails are just not getting sent via port 25… I’m so sorry for the trouble.

            Cheers and have a good day :D

  11. Nick

    Thanks for the fine tutorial.

    A short question: When defining

    "Domain example.com"

    does this affect subdomains too, or we must define any subdomains explicitly?

    For example, mail from tech.example.com will also be signed?

    Thanks,
    Nick

    Reply

    1. Subdomains are considered different domains. You can ignore the “Domain” directive if you use the SigningTable, and include all your domains and subdomains for which you wish to sign in there instead.

      Reply
      1. flexic

        Related to subdomains, we have a couple older servers setup for dkim-milter so they have their own selectors (ex: william._domainkey.somedomain.com and james._domainkey.somedomain.com). I am setting up a new server with OpenDKIM, should I change the configs for all mail servers to use the same pub/private keypair and reference default._domainkey.somedomain.com ? If not how would I setup the various keytable files to handle the new server, say henry._domainkey.somedomain.com?

        Reply

  12. Just wanted to say “Thanks!” With your walkthrough, this was easy as could be.

    Reply
  13. Gavin

    Hi There, This guide helped me greatly – i managed to get DKIM working for all my 3 domains under postfix 2.3.3. However a recent plesk update very kindly updated my postfix to 2.8.4 and now things have changed – the DKIM signature is added via server webmail (signature works and is validated)- however emails sent from Outlook/Entourage sent through the postfix (using same authentication details) server do not get the signature added at all. I have ensured all IP addresses are add to the TrustedHosts file. Would you have any suggestions ?

    Reply
  14. iliya

    Thank you very much! Awesome tutorial, I’ve set up dkim within half an hour.

    Reply

  15. I overlooked changing mode v to mode sv and it works now!

    I missed this part too. While this excellent article does give you the instruction to make your opendkim.conf “look like this”, it’s a bit misleading that all the other changes are explicitly mentioned. It took me a good while to figure out why my mails weren’t getting signed, though in hindsight the Mode being left at the default of “v” was obvious.

    Thanks for this extremely insightful article. After setting up OpenDKIM my server e-mails are finally getting through to Gmail inboxes. Thanks!

    Reply



  16. hi,

    i have installed EPEL repositories, but cant get “yum install opendkim” to work. centos 5, any idea?

    Thank you

    Reply
  17. oscar

    Hi Steve I have made the guide with no problems! Its very well explained :)

    Just that sometimes on hotmail I got DKIM pass and sometimes PermError

    FAIL:

    X-SID-PRA: info@mydomain.com
    X-Message-Status: n:0:n
    X-SID-Result: Pass
    X-DKIM-Result: PermError
    X-AUTH-Result: PASS

    WORKING:

    X-SID-PRA: info@mydomain.com
    X-Message-Status: n:0:n
    X-SID-Result: Pass
    X-DKIM-Result: Pass
    X-AUTH-Result: PASS

    That test was on the fly, one mail behind other, and trying a few times it changes sometimes pass and sometimes PermError

    Any idea? :/

    thanks!

    Reply
    1. oscar

      Sorry I have an error on the key

      The k was missing on the key rsa value

      v=DKIM1; =rsa; p=MIGfMA0GCSqGSIb3DQ….

      But without the K sometimes hotmail return X-DKIM-Result: Pass

      Now I correct it always is marked with X-DKIM-Result: Pass

      Thanks :)

      Reply
  18. JK

    opendkim is signing all email for all domains, even though I set it to sign only a specific domain. Any fix for this?

    Reply


  19. Really great tutorial, thanks a ton for putting it up. It worked perfectly, I just had to also change the /etc/sysconfig/opendkim AUTOCREATE_DKIM_KEYS=NO like JP says above to keep it from generating keys on startup. Hotmail and gmail are both passing dkim now, and I’m going to check everybody else now. Thanks again!

    Reply
  20. Alan munoz

    Hi Steve, excelent tutorial, But i can’t get signed my emails, i did everything step by step and i have no errors or missing any configuration, i have recheked some times. My emails are not signed yet, i add the TXT records yesterday and is not correct 24 hours after. What i can check to get this solved?

    I apreciate your help.

    Reply
  21. David B

    Hello. Great article, thanks for the tutorial . I’m newbie with DKIM and postfix but with this excellent tutorial mails was signed at the first run!!

    Reply
  22. Peter Jamnicky

    Hello.

    Thank you. Great, great, great… This is only one good guide.

    SigningTable
    *@
    correct any my problems :)

    Reply



  23. Steve,

    This is a wonderful guide, and I’m now using DKIM correctly and it’s working in all cases except one. Our mail server runs a script to deliver a mailing list to our clients. How it works is that it generates an email file on disk, and then runs “cat /path/to/tempfile | sendmail -t -fmailinglist@domain.com” so that the sendmail script parses the tempfile for addresses to send the email to. The headers of the email contain the recipients in a bcc header.

    The problem appears to be that the sendmail script does not connect to the smtp server (postfix) via TCP connection, EG: 127.0.0.1, and so emails processed this way do not appear to be getting signed. Any idea how we can add local file sockets to the TrustedHosts file?

    Server Config:
    CentOS 6
    Postfix
    opendkim-2.7.3-2.el6.i686 from epel

    TrustedHosts
    127.0.0.1
    localhost
    192.168.254.2

    With this config, dkim signatures appear in emails sent from 192.168.254.2 using sendmail -t, but not when using sendmail -t on the mail server itself. Also, the email headers as received by the recipients doesn’t contain an expected header like:

    Received: from ourserver (ourserver.domain.com [127.0.0.1])
    by ourserver.domain.com (Postfix) with ESMTP id 865A0C03C9
    for ; Tue, 8 Jan 2013 02:02:42 +0000 (UTC)

    It’s this missing header which makes me suspect that it’s not matching TrustedHosts entry.

    Reply

    1. Cause found, original post can be deleted. postfix main.cf change from

      non_smtpd_milters = $smptd_milters
      # to
      non_smtpd_milters = $smtpd_milters

      # note $smptd_milters should be $smtpd_milters

      Reply
  24. Akram

    Hello, thank you for your post, it is really helpful and well explained. I followed all those step, but my email still don’t integrate the dkim signature, i don’t know why. when i test sending email, i get this header.

    Return-Path:
    X-Original-To: best@www.brandonchecketts.com
    Delivered-To: spamapp@yen.roundsphere.com
    Received: from iituness.com (iituness.com [192.162.68.128])
    by yen.roundsphere.com (Postfix) with ESMTP id 2E7CA3A38009
    for ; Sat, 12 Jan 2013 12:55:15 -0500 (EST)
    Received: from iituness.com (localhost [127.0.0.1])
    by iituness.com (8.14.4/8.14.4) with ESMTP id r0CHtEsp032049
    for ; Sat, 12 Jan 2013 20:55:14 +0300
    Received: (from root@localhost)
    by iituness.com (8.14.4/8.14.4/Submit) id r0CHtE2a032047
    for best@www.brandonchecketts.com; Sat, 12 Jan 2013 20:55:14 +0300
    Date: Sat, 12 Jan 2013 20:55:14 +0300
    From: “me@iituness.com”
    Message-Id:
    Subject: Testing

    i think the error is that root@localhost is the sender of the email, i don’t know how to change it.
    can you help me?

    Reply
  25. Linus

    Steve, first thank you very much for your nice tutorial.
    Basically I think my setup is runnig, but I’m experiencing problems with the DNS record. While doing the

    cat /etc/opendkim/keys/example.com/default.txt

    I receive the output as follows:

    default._domainkey IN TXT “v=DKIM1;=rsa; p=MIGfMA0G

    Since my messages do not appear as signed somewhere else and http://dkimcore.org/c/keycheck tells me “This is not a good DKIM key record”, I strongly believe something is going wrong. Unfortunately I have no clue what this could be, everything has been done as provided by you.

    Thanks a lot in advance!

    Reply
    1. A Reader

      you are missing the K in k=rsa

      see comment above by Oscar

      Reply

    1. Thanks, Almir! I’m sure this will come in useful for admins with lots of domains. I’ll mention it in the main article.

      Reply

  26. agismaniax

    I followed these steps carrefully, but in the end I always get DKIM fail.

    ==========================================================
    Summary of Results
    ==========================================================
    SPF check: pass
    DomainKeys check: neutral
    DKIM check: fail
    Sender-ID check: pass
    SpamAssassin check: ham

    Authentication System: DomainKeys Identified Mail (DKIM)
    Result: DKIM signature confirmed BAD
    Description: Unrecoverable error during processing; signature data cannot be verified
    Reporting host: services.sendmail.com
    More information: http://dkim.org/
    Sendmail milter: http://opendkim.org/

    I’m using CentOS 6.3 (x64), Postfix 2.6.6 and MailScanner 4.84.5.
    Could you help me?

    Reply


  27. tam

    opendkim install, but when i receive mail, maillog error:
    May 26 20:26:35 mail postfix/smtpd[14790]: warning: unreasonable macro call nesting: “inet:127.0.0.1:8891?non_smtpd_milters = ”
    May 26 20:26:35 mail postfix/smtpd[14790]: warning: unreasonable macro call nesting: “smtpd_milters”
    May 26 20:26:35 mail postfix/smtpd[14790]: fatal: dictionary mail_dict: macro processing error
    May 26 20:26:36 mail postfix/master[14774]: warning: process /usr/libexec/postfix/smtpd pid 14790 exit status 1
    May 26 20:26:36 mail postfix/master[14774]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling

    Reply
  28. Carlos

    Hi Steve,
    hopefully you are giving still support here, I got following error messages in maillog:

    Can’t load key from /etc/opendkim/keys/mydomain.com/default.private: Permission denied
    hostname opendkim[1319]: 5C4A1600F0: error loading key ‘default._domainkey.mydomain.com’

    Actually no emails are sent, did already chmod 700 to the default.private file. If using chown, to what I should set the permissions?

    Best regards,
    Carlos

    Reply

    1. The private key should be permissions 600 (not 700) and owned by the opendkim user. Try:

      chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com

      and

      chmod 600 /etc/opendkim/keys/mydomain.com/*

      Reply
  29. Carlos

    Hi Steve, what should I say… thank you, thank you very
    much, for this great blog post and for giving support! It works
    fine now! Have a nice weekend! Carlos

    Reply

  30. Hello, Congratulations for the tutorial on opendkim. Excuse
    my English, but I’m french and that message is translated with
    google translation. My dedicated server with 1 & 1 with
    Centos 5.9, Postfix 2.8.4 and Plesk 11.0.9. My opendkim is probably
    not installed because when I type in Putty “Service opendkim start”
    I have the answer. ” Starting OpenDKIM Milter: opendkim:
    /etc/opendkim.conf: configuration error at line 20: illegal value”
    I also have an error “`opendkim:opendkim': invalid user ” If I give
    you private and the root password of my SSH access, you can watch
    on my server where the problem is? friendly greetings Charley
    KIEFFER

    Reply

  31. Leon

    Hi Steve,

    Thanks for you post it was really helpfull in getting the opendkim to work.
    I had one problem that i couldnt find here that maybe of help to someone debuging their config.
    Make sure there are no spaces at the end of the lines in the KeyTable
    Spaces will not be stripped when dkim parses the line and therefore your keyfile will not be found.

    Leon

    Reply
  32. Leon

    Hi Steve,

    I have a double signing problem using postfix and opendkim:
    From the command line mails are signed once and are tested ok by Google, port25 and elandsys. Sofar all is cool.
    But when I mail from Interspire messages get signed twice.

    Is there a way to send mail for signing using the master.cf ?
    This could give us a way to only loop once through the opendkim signing process.

    Thanks

    Leon

    Reply
  33. Alejo

    Hi Steve, thanks very much, this thing works in the first try (Centos 5.8),
    my only question is …can have my dns zone (/var/named/) have many signatures ?
    or is only one per domian ?

    Reply
  34. vinit

    Hi ,
    I have newly installed opendkim on centos 6.4 and i found your article very helpfull but still my mail are not getting signed please help me.

    Reply
  35. maryan

    more than 2 yrs old but still works like charm.

    thanks man. :)

    Reply

    1. Thanks, Maryan. I come back through and follow this procedure myself every time I update the Fedora/EPEL package, so I try to keep it up to date. :)

      Reply
  36. Zot ter

    Just wanted to say “Thanks!”

    Used the RPM method (EPEL repo) to install OpenDKIM and configure it on a CentOS 6.5 box using postfix.

    Worked first try with no issues at all. Well done on the how to!!

    Thanks!

    Reply
  37. zlaja

    I’m getting error while loading key, even though ower is opendkim and permisions are 600.
    This is output of /var/log/maillog

    Feb 12 08:20:10 opendkim[2947]: default._domainkey.steadyhealth.com: key data is not secure: / can be read or written by other users
    Feb 12 08:20:10 opendkim[2947]: 9C3ED5A008F: error loading key ‘default._domainkey.steadyhealth.com’
    Feb 12 08:20:10 postfix/cleanup[5718]: 9C3ED5A008F: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.1 Service unavailable – try again later; from= to=

    Reply

  38. Great Article Steve. Many thanks.

    I “think” most of it worked but I am having an issue with the mail client rejecting (5.3.1) the relay.

    I am wondering if its something to do with postfix/main.cf edits. I’m running Centos 6.

    Any ideas? or where to start?

    Reply

  39. Frickin’ Brilliant!

    I’ve needed to add DKIM to my email server for ages but references from Microsoft, Google, Yahoo etc give such convoluted garbage about how to install.

    I followed these instructions easily and everything worked the first time it was enabled. Brilliant authorship.

    WHOOHOO!

    Reply

  40. Hi I Follow all the steps here and I see that OpenDKIM (with sendmail) is running ’cause I verify the message on maillog but when I send email from server using mail command for example to brandon check web it’s telling me that there is “does not contain a DKIM Signature”, I also verify the etc/opendkim.conf and I ussing sv and refile: insted of file: but I still getting any signature.

    Reply
  41. Lou

    Steve,

    thanks for this.

    Worked like charm.

    Reply
  42. soyguille

    Thanks a lot !!

    Working on a Centos 6.4 cloud server hosted in OVH , Parallels Plesk Panel 11.5 doesn’t support, neither 12.x and DKMI must be set manually

    I have been searching for a long time for a set by step guide for newbees like me and finally I got it working.

    It is and old guide, but it is useful now.

    Reply
  43. drkilra

    Your awesome man, thanks so much for a great tutorial.

    For me I found that using postconf -e to input the postfix lines worked vs editing the main.cf

    Reply
  44. Alan

    Any ETA for opendkim for Centos 7? There is no rpm in epel and the source will not compile.

    Reply

    1. Been working on it today, and having trouble due to the fact that there’s no libbsd available on CentOS 7 yet (I bet the packager is working on it… just like I’m scrambling to try and get OpenDKIM running on it).

      If you follow my Twitter feed, I announce when I put new builds in the repos. Working with the OpenDKIM dev team now to figure out a workaround for the strlcat issue.

      Reply
  45. ted

    Great help Steve -many thanks. Just one comment (applicable to many people not targeted at you) PLEASE stop using mail lists and use a forum for support.

    I’m struggling a bit with the public key right now – the default.txt file has extra stuff in it I dont think needs to go in the DNS TXT section
    the brackets and “IN TXT” and a couple of extra quotes – once it propogates I can try again – I doubt I could have done this without your help though so thanks again.

    T.

    Reply

    1. Hi, Ted. I’m not the developer of OpenDKIM. I’m merely the maintainer of the Fedora/RHEL/CentOS version of the package. I also prefer forums for support, because it allows for better archiving of topics that many will likely encounter. You can make your suggestion to the developer of OpenDKIM at http://www.opendkim.org/.

      Reply
  46. Ted

    Hi Steve –
    I will make the suggestion as you say to opendkim
    Just an FYI – my dkim worked fine after the propogation – what threw me was the phrase “paste the entire contents of the default.txt file”
    By the time I got that far I was following your instructions word for word with my brain in idle!

    All I have to do now is find out why my mail is still not being forwarded to googles customers … If you (or anyone) knows a google list of requrements I’d love to get a link – my site/domain is perfectly clean and their relay accepts the mail then seems to just drop it.
    I’m running out of ideas and they refuse to respond to requests for info.

    Again – thanks.

    Reply

  47. Hi Steve, I just finished my italian guide on OpenDKIM via EPEL on CentOS 7: https://turbolab.it/354 . It’s based on my experience setting up DKIM for the same site. Credit to you and a linkback to this article is near the bottom of mine. Thanks again for your excellent work!

    Reply

  48. Hi Steve, I tried to install opendkim with yum on Centos 6.5 but get the error:
    –> Processing Dependency: libevent-1.4.so.2()(64bit) for package:
    unbound-libs-1.4.21-1.el6.x86_64
    –> Finished Dependency Resolution
    Error: Package: unbound-libs-1.4.21-1.el6.x86_64 (epel)
    Requires: libevent-1.4.so.2()(64bit)
    Available: libevent-1.4.13-4.el6.x86_64 (base)
    libevent-1.4.so.2()(64bit)
    Installed: libevent-2.0.12-1.rhel6.x86_64 (installed)
    Not found
    Do you know a way to solve this?

    Thanks,

    Reply
  49. AV

    If you see no logging of the opendkim in the logfile other then staring and stopping and you have set the “logwhy” it could be due to amavisd-new. My amavisd install had the $enable_dkim_verification and $enable_dkim_signing set to 1 by default.

    Setting this to 0 (disabled) made the logging work and the signing aswell.

    Reply

    1. Nope – I actually don’t recommend it anymore. Probably time for me to edit this post. :) Thanks!

      Reply


  50. I got to the point of

    cat /etc/opendkim/keys/example.org/default.txt
    default._domainkey IN TXT ( “v=DKIM1; k=rsa; ”
    “p=MIGfMA0GC…QAB” ); —-

    So I put

    v=DKIM1; k=rsa; p=MIGfMA0GC…QAB

    in as my TXT record. The Brandon Checketts site show that this is coming back exactly as I put it in.

    It is not working. I notice there is no ‘g=*;’ in the above. Is that needed? Did I miss a step?

    Thx…

    Reply

    1. Hi, John. The g=* actually isn’t needed any more, so that shouldn’t be causing the problem.

      Reply

Leave a Reply