OpenDKIM
sudo apt install opendkim
sudo mkdir -p /etc/opendkim/keys
cd /etc/opendkim
sudo touch key.table signing.table trusted.hosts
sudo chown -R opendkim:adm /etc/opendkim
sudo find /etc/opendkim -type d -exec chmod 770 {} \;
sudo find /etc/opendkim -type f -exec chmod 660 {} \;
sudo mkdir /var/spool/postfix/opendkim
sudo chown opendkim:postfix /var/spool/postfix/opendkim
sudo chmod 755 /var/spool/postfix/opendkim
Example configuration files
The example below shows a configuration for domain.com and domain.net.
Only one selector is in production at a time. This facilitates easy key rotation.
FILE: key.table
selector1._domainkey.domain.com domain.com:selector1:/etc/opendkim/keys/domain.com/selector1.private
selector1._domainkey.domain.net domain.net:selector1:/etc/opendkim/keys/domain.net/selector1.private
selector2._domainkey.domain.com domain.com:selector2:/etc/opendkim/keys/domain.com/selector2.private
selector2._domainkey.domain.net domain.net:selector2:/etc/opendkim/keys/domain.net/selector2.private
FILE: signing.table
*@domain.com selector1._domainkey.domain.com
*@*.domain.com selector1._domainkey.domain.com
*@domain.net selector1._domainkey.domain.net
*@*.domain.net selector1._domainkey.domain.net
*@domain.com selector2._domainkey.domain.com
*@*.domain.com selector2._domainkey.domain.com
*@domain.net selector2._domainkey.domain.net
*@*.domain.net selector2._domainkey.domain.net
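An added example, not part of the original page: a small Python lint for the key.table and signing.table above. It checks that every signing.table entry names a key defined in key.table and reports sender patterns mapped to more than one key, which is worth reviewing given that only one selector is meant to be in production at a time. The function names and the key-name convention check are assumptions of this example.

```python
# Constructed sample input: the two tables as shown on this page.
KEY_TABLE = """\
selector1._domainkey.domain.com domain.com:selector1:/etc/opendkim/keys/domain.com/selector1.private
selector1._domainkey.domain.net domain.net:selector1:/etc/opendkim/keys/domain.net/selector1.private
selector2._domainkey.domain.com domain.com:selector2:/etc/opendkim/keys/domain.com/selector2.private
selector2._domainkey.domain.net domain.net:selector2:/etc/opendkim/keys/domain.net/selector2.private
"""
SIGNING_TABLE = """\
*@domain.com selector1._domainkey.domain.com
*@*.domain.com selector1._domainkey.domain.com
*@domain.net selector1._domainkey.domain.net
*@*.domain.net selector1._domainkey.domain.net
*@domain.com selector2._domainkey.domain.com
*@*.domain.com selector2._domainkey.domain.com
*@domain.net selector2._domainkey.domain.net
*@*.domain.net selector2._domainkey.domain.net
"""

def rows(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            yield fields

def lint(key_text, signing_text):
    """Return a list of findings; an empty list means the tables agree."""
    keys, patterns, findings = {}, {}, []
    for name, value in rows(key_text):
        domain, selector, path = value.split(":", 2)
        keys[name] = path
        # Naming convention used on this page, assumed here as a check.
        if name != f"{selector}._domainkey.{domain}":
            findings.append(f"key name {name} does not match {selector}/{domain}")
    for pattern, name in rows(signing_text):
        if name not in keys:
            findings.append(f"{pattern} references undefined key {name}")
        patterns.setdefault(pattern, []).append(name)
    for pattern, names in patterns.items():
        if len(names) > 1:
            findings.append(f"{pattern} is mapped to {len(names)} keys: {', '.join(names)}")
    return findings

if __name__ == "__main__":
    for finding in lint(KEY_TABLE, SIGNING_TABLE):
        print(finding)
```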
FILE: trusted.hosts
127.0.0.1
localhost
.domain.com
.domain.net
FILE: /etc/postfix/main.cf
Add the following to your Postfix configuration:
# DKIM support - Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters