How to setup Domain Keys (DKIM) using Debian and Postfix

DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender thereby allowing a person, or organization to claim some responsibility for the message and helps verify that your mail is legitimate. This will help your emails not get flagged as spam or fraud, especially if you are doing bulk emailing or important emails.

So first will will need to make sure our system is up to date:

apt-get update 
apt-get upgrade

Next we will need to Install postfix and dkim-filter

apt-get install postfix dkim-filter

When the configuration prompt ask, choose “Internet Site”.  Now both postfix and dkim-filter are installed you will need to setup dkim-filter.

I’m going to use the domain of: for this howto.

Run the following commands:

mkdir -p /etc/dkim/keys/
cd /etc/dkim/keys/
dkim-genkey -r -d

Next make a file called: /etc/dkim-keys.conf and insert the following:



Now you will need to configure postfix and dkim-filter to work together.

Edit /etc/dkim-filter.conf and add the following 2 lines at the bottom:

KeyList /etc/dkim-keys.conf
Socket inet:8891@localhost

Now restart the DKIM filter:

/etc/init.d/dkim-filter restart


Now edit your postfix config( /etc/postfix/ ) and add the following lines:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891


and restart postfix ( postfix reload )

Next we will have to insert out Key into our DNS Server.

cat /etc/dkim/keys/

Witch will look like something like this: (The Stuff in Bold is what we want.)

default._domainkey IN TXT “v=DKIM1; g=*; k=rsa; p=MIGfMA0GCBiQKBgQC2/6Q+2eL4RL3lRi/WA0riuCk3WV+u” ; —– DKIM default for


Now just add a TXT Record for the domain with:

Name: default.private._domainkey
Value:  v=DKIM1; g=*; k=rsa; p=MIGfMA0GCBiQKBgQC2/ynaGiLr0/6Q+2eL4RL3lRi/WA0riuCk3WV+u

Apply the Setting… and wait a bit for dns to work.


Next testing!


This website seems to work nicely for testing DKIM: