How to install and configure OpenDKIM, Postfix, DNS, Debian 9 (Stretch).

Install and configure OpenDKIM.

Update system, install OpenDKIM and some needed dependencies (perl).

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install opendkim opendkim-tools
sudo apt-get install libdigest-sha-perl libdigest-sha-perl libcrypt-openssl-rsa-perl liberror-perl perl libnet-dns-perl libnet-server-perl libmail-dkim-perl libmailtools-perl

Add user postfix to opendkim.

sudo adduser postfix opendkim

Edit opendkim config file /etc/opendkim.conf.

sudo mkdir -p /var/spool/postfix/opendkim/
sudo nano /etc/opendkim.conf
Syslog           yes
Selector         mail
Mode             sv
SubDomains       yes
Socket           local:/var/spool/postfix/opendkim/opendkim.sock
PidFile          /var/run/opendkim/
OversignHeaders  From
TrustAnchorFile  /usr/share/dns/root.key
UserID           opendkim
LogWhy           yes

Add these lines below.

KeyTable                  /etc/opendkim/KeyTable
SigningTable              /etc/opendkim/SigningTable
ExternalIgnoreList        /etc/opendkim/TrustedHosts
InternalHosts             /etc/opendkim/TrustedHosts

Edit /etc/opendkim/TrustedHosts.

sudo mkdir /etc/opendkim
sudo nano /etc/opendkim/TrustedHosts

Add and IP addresses:

Generate a key for server

sudo mkdir -p /etc/opendkim/keys/
cd /etc/opendkim/keys/
sudo opendkim-genkey -b 2048 -d -s mail
sudo chown opendkim:opendkim -R /etc/opendkim
sudo chmod 600 /etc/opendkim/keys/domain/mail.private

Edit /etc/opendkim/KeyTable, specify key location.

sudo nano /etc/opendkim/KeyTable

Edit /etc/opendkim/SigningTable, specify which key will sign a domain.

sudo nano /etc/opendkim/SigningTable

Add DKIM key to DNS server.

Print key:

cat /etc/opendkim/keys/

Copy and paste printed key to your config file in DNS server (Bind9 –

mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3... ...DQEBAQUAA4GNAB" ; ----- DKIM default for

Add extra ADSP (Author Domain Signing Practices).   IN    TXT    "dkim=unknown"

Restart  DNS server.

sudo /etc/init.d/bind9 restart

Edit /etc/default/opendkim.

Specify daemon connection settings.

sudo nano /etc/default/opendkim

sudo systemctl restart opendkim

Configure Postfix.

Edit /etc/postfix/

sudo nano /etc/postfix/

Add these lines to postfix.

milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = local:/opendkim/opendkim.sock

Restart Postfix.

sudo service postfix restart


sudo opendkim-testkey -d -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key ''
opendkim-testkey: key not secure
opendkim-testkey: key OK


1 comment

    • Greg on 3 February 2019 at 23:28
    • Reply

    Worked like a charm after failing with 2 other instruction pages. Thanks!

Leave a Reply

Your email address will not be published.

Matomo encountered an error: Uncaught Piwik\Exception\NotYetInstalledException: The configuration file {/WWW/piwik//config/config.ini.php} has not been found or could not be read. in /WWW/piwik/core/Application/Kernel/EnvironmentValidator.php:80 Stack trace: #0 /WWW/piwik/core/Application/Kernel/EnvironmentValidator.php(63): Piwik\Application\Kernel\EnvironmentValidator->checkConfigFileExists('/WWW/piwik//con...', true) #1 /WWW/piwik/core/Application/Environment.php(185): Piwik\Application\Kernel\EnvironmentValidator->validate() #2 /WWW/piwik/core/Application/Environment.php(94): Piwik\Application\Environment->validateEnvironment() #3 /WWW/terminal28/wp-content/plugins/wp-piwik/classes/WP_Piwik/Request/Php.php(35): Piwik\Application\Environment->init() #4 /WWW/terminal28/wp-content/plugins/wp-piwik/classes/WP_Piwik/Request/Php.php(16): WP_Piwik\Request\Php->call('method=SitesMan...', 'https://piwik.t...', 'module=API&form...') #5 /WWW/terminal28/wp-content/plugins/wp-piwik/classes/WP_Piwik/Request.php(63): WP_Piwik\Request\Php->request(' (which lead to: SQLSTATE[HY000] [1045] Access denied for user ''@'localhost' (using password: NO))