From iRedMail
Jump to: navigation, search


This tutorial describes how to enable DKIM signing for new mail domains on below Linux distributions:

  • Red Hat Enterprise Linux
  • CentOS
  • Scientific Linux

Generate DKIM key for new mail domain

# cd /var/lib/dkim/
# amavisd genrsa
# chmod 0644

Enable DKIM signing for new mail domain in Amavisd

Open Amavisd config file /etc/amavisd.conf, search for "# Add dkim_key here.", and add it alongside the others, preferably in alphabetic order so you can find it faster.

File: /etc/amavisd.conf
dkim_key("", "dkim", "/var/lib/dkim/");

Add your new domain in @local_domains_maps in /etc/amavisd.conf. The line should now read something like this:

File: /etc/amavisd.conf
@local_domains_maps = ( [".$mydomain", "", ""] );  # list of all local domains

Restart amavisd service:

# /etc/init.d/amavisd restart

Test that new key to make sure it was installed properly:

# amavisd showkeys
; key#1, domain, /var/lib/dkim/   3600 TXT (
  "v=DKIM1; p="
  • If you have your own Bind DNS server running, add exactly what was printed above to the zone file in you nameserver(s). Make sure you have also updated the serial of the zone file, then restart named service:
  • If you hosted domain names in ISP like GoDaddy, create a new DNS record, host record is, record type is TXT, then copy output of above command into one line, like below, it's value of DNS record
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaKtxFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBokFcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5EV711qseo/omquskkwIDAQAB

Verify DKIM signing

After your new DNS records is working, verify that everything is ok by sending mails from to the autoresponders from this page: DKIM Reflectors

Personal tools