Follow these steps to install OpenDKIM on Ubuntu and Plesk.
I will use domain.tld (as the primary domain) and example.com as my domains. I have enabled subdomains so that mail from the server mail.domain.tld gets signed too, since in this case mail.domain.tld is also the Postfix hostname and mailname…
1. First log in as root and run…
apt-get update
apt-get install opendkim opendkim-tools
2. Create the folder structure…
mkdir -p /etc/opendkim/keys/domain.tld
mkdir -p /etc/opendkim/keys/example.com
3. Create a key. I’ll use “dkim” as the selector and create 1024-bit keys.
You will then have two files in each folder, dkim.private and dkim.txt; the latter contains the DNS record for you to add in Plesk or at your domain's registrar.
cd /etc/opendkim/keys/domain.tld
opendkim-genkey -s dkim -d domain.tld
chown opendkim:opendkim dkim.private
chmod 600 dkim.private

cd /etc/opendkim/keys/example.com
opendkim-genkey -s dkim -d example.com
chown opendkim:opendkim dkim.private
chmod 600 dkim.private
4. Now we’ll create the SigningTable and the KeyTable…
nano /etc/opendkim/SigningTable
The contents should look like…
domain.tld dkim._domainkey.domain.tld
mail.domain.tld dkim._domainkey.domain.tld
example.com dkim._domainkey.example.com
mail.example.com dkim._domainkey.example.com
5. And the KeyTable…
nano /etc/opendkim/KeyTable
The contents should look like…
dkim._domainkey.domain.tld domain.tld:dkim:/etc/opendkim/keys/domain.tld/dkim.private
dkim._domainkey.domain.tld mail.domain.tld:dkim:/etc/opendkim/keys/domain.tld/dkim.private
dkim._domainkey.example.com example.com:dkim:/etc/opendkim/keys/example.com/dkim.private
dkim._domainkey.example.com mail.example.com:dkim:/etc/opendkim/keys/example.com/dkim.private
You can see the subdomains point to the same key as the domain.
6. Next we have to create the internal hosts file…
nano /etc/opendkim/dkim-InternalHosts
and add your IP and host names…
127.0.0.1/8
192.168.0.50/32 # where this is your Server IP
localhost
domain.tld
mail.domain.tld
example.com
mail.example.com
7. Now edit /etc/opendkim.conf
nano /etc/opendkim.conf
And define these settings…
Syslog yes
UMask 002
Domain domain.tld
KeyFile /etc/opendkim/keys/domain.tld/dkim.private
Selector dkim
Canonicalization relaxed/relaxed
Mode sv
SignatureAlgorithm rsa-sha256
SubDomains yes
LogWhy yes
UserID opendkim:opendkim
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
InternalHosts /etc/opendkim/dkim-InternalHosts
Statistics /var/log/opendkim/dkim-stats.log
OversignHeaders From
8. Make sure you create the log directory and that the log file is owned by opendkim:opendkim
mkdir -p /var/log/opendkim/
touch /var/log/opendkim/dkim-stats.log
chown opendkim:opendkim /var/log/opendkim/dkim-stats.log
9. We now need to define the socket…
nano /etc/default/opendkim
And uncomment…
SOCKET="inet:12345@localhost" # listen on loopback on port 12345
10. And restart opendkim
service opendkim restart
11. Our last step is to add this milter to our Postfix configuration file…
nano /etc/postfix/main.cf
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:12768, inet:127.0.0.1:12345
non_smtpd_milters = inet:127.0.0.1:12345
Restart Postfix…
service postfix restart
And you should be good.
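
The SigningTable from step 4 and the KeyTable from step 5 have to agree with each other and with the key files from step 3, so it is worth cross-checking them before the restart in step 10. The script below is an added example, not part of the original post or of opendkim-tools: check_dkim_tables and make_sample are hypothetical helper names, and the demo runs on constructed tables in a scratch directory with empty placeholder key files and two deliberate faults.

```bash
#!/usr/bin/env bash
# Added example. check_dkim_tables and make_sample are hypothetical helper
# names, not part of opendkim-tools.

# Print one line per problem found; return 1 if there was any.
check_dkim_tables() {
    local signing="$1" keytable="$2" rc=0 pattern keyname rest entry keyfile
    while read -r pattern keyname rest; do
        case $pattern in ''|\#*) continue ;; esac   # blank line or comment
        # Look up the key name this SigningTable entry points at.
        entry=$(awk -v k="$keyname" '$1 == k { print $2; exit }' "$keytable")
        if [ -z "$entry" ]; then
            echo "MISSING $pattern: $keyname has no KeyTable entry"; rc=1; continue
        fi
        keyfile=${entry##*:}        # domain:selector:/path -> /path
        if [ ! -f "$keyfile" ]; then
            echo "NOKEY $pattern: $keyfile does not exist"; rc=1
        elif [ -z "$(find "$keyfile" -perm 600)" ]; then
            echo "PERMS $pattern: $keyfile is not mode 600"; rc=1
        fi
    done < "$signing"
    return "$rc"
}

# Constructed sample: the page's layout under a scratch directory, with two
# deliberate faults (a world-readable key and a mistyped key name).
make_sample() {
    local d="$1"
    mkdir -p "$d/keys/domain.tld" "$d/keys/example.com"
    : > "$d/keys/domain.tld/dkim.private";  chmod 600 "$d/keys/domain.tld/dkim.private"
    : > "$d/keys/example.com/dkim.private"; chmod 644 "$d/keys/example.com/dkim.private"
    cat > "$d/SigningTable" <<EOF
domain.tld dkim._domainkey.domain.tld
mail.domain.tld dkim._domainkey.domain.tld
example.com dkim._domainkey.example.com
mail.example.com dkim._domainkey.exmaple.com
EOF
    cat > "$d/KeyTable" <<EOF
dkim._domainkey.domain.tld domain.tld:dkim:$d/keys/domain.tld/dkim.private
dkim._domainkey.example.com example.com:dkim:$d/keys/example.com/dkim.private
EOF
}

scratch=$(mktemp -d)
make_sample "$scratch"
check_dkim_tables "$scratch/SigningTable" "$scratch/KeyTable" \
    || echo "fix the above before restarting opendkim"
rm -rf "$scratch"
```

On the real server, call check_dkim_tables /etc/opendkim/SigningTable /etc/opendkim/KeyTable; no output and a zero exit status mean every signing entry resolves to a key file with mode 600.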