Set Up DKIM For Multiple Domains On Postfix With dkim-milter 2.8.x (CentOS 5.3)


The DomainKeys Identified Mail (DKIM) Internet standard enables email senders to digitally sign their messages so that receivers can verify that those messages have not been forged. The DKIM sender authentication scheme allows the recipient of a message to confirm a message originated with the sender's domain and that the message content has not been altered. A cryptography-based solution, DKIM provides businesses an industry-standard method for mitigating email fraud and protecting an organization's brand and reputation at a relatively low implementation cost. The DKIM base specification is being spearheaded by Sendmail, Inc. in conjunction with Cisco and Yahoo!.

This tutorial is based on Set Up DKIM On Postfix With dkim-milter (CentOS 5.2) tutorial and my personal experience.I do not issue any guarantee that this will work for you!



Topdog software provides Centos rpms for Dkim-milter at so we will install the latest version. At the time of writing this tutorial the latest version is dkim-milter-2.8.3-1

Install the dkim-milter rpm, (32bit and 64bit intel supported)

rpm -ivh dkim-milter-2.8.3-1.i386.rpm


Generate the Keys

/usr/bin/dkim-genkey  -r -d

Replace with the domain name you will be signing the mail for. The command will create two files.

default.txt - contains the public key you publish via DNS
default.private - the private key you use for signing your email

Rename and move the private key to the dkim-milter keys directory and secure it.

mv default.private default
mkdir /etc/mail/dkim/keys/
mv default /etc/mail/dkim/keys/
chmod 600 /etc/mail/dkim/keys/
chown dkim-milt.dkim-milt /etc/mail/dkim/keys/

Important Note: repeat these steps for other domains and for each domain use seperate folder as you can see above otherwise you will receive "dkim: FAILED, invalid (public key: not available)" error message


DNS Setup

You need to publish your public key via DNS, client servers use this key to verify your signed email. The contents of default.txt is the line you need to add to your zone file a sample, is below

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB"
; ----- DKIM default for

Also add this to your zone file.

_ssp._domainkey IN TXT "t=y; dkim=unknown"



You need to check /etc/dkim-filter.conf file.

vi /etc/dkim-filter.conf

It must look like this:

ADSPDiscard             yes
ADSPNoSuchDomain        yes
AllowSHA1Only           no
AlwaysAddARHeader       no
AutoRestart             yes
AutoRestartRate         10/1h
BaseDirectory           /var/run/dkim-milter
Canonicalization        simple/simple
Domain        	#add all your domains here and seperate them with comma
ExternalIgnoreList      /etc/mail/dkim/trusted-hosts
InternalHosts           /etc/mail/dkim/trusted-hosts
KeyList                 /etc/mail/dkim/keylist
LocalADSP               /etc/mail/dkim/local-adsp-rules
Mode                    sv
MTA                     MSA
On-Default              reject
On-BadSignature         reject
On-DNSError             tempfail
On-InternalError        accept
On-NoSignature          accept
On-Security             discard
PidFile                 /var/run/dkim-milter/
QueryCache              yes
RemoveOldSignatures     yes
Selector                default
SignatureAlgorithm      rsa-sha1
Socket                  inet:[email protected]
Syslog                  yes
SyslogSuccess           yes
TemporaryDirectory      /var/tmp
UMask                   022
UserID                  dkim-milt:dkim-milt
X-Header                yes

Check /etc/mail/dkim/keylist file.

vi /etc/mail/dkim/keylist

It must look like this:


Note: if you have other domains you must add them in this file.Each line for one domain


Configure Postfix

You need to add the following options to the postfix file to enable it to use the milter.

vi /etc/postfix/
smtpd_milters = inet:localhost:20209
non_smtpd_milters = inet:localhost:20209
milter_protocol = 2
milter_default_action = accept

Append the dkim-milter options to the existing milters if you have other milters already configured.
Start dkim-milter and restart postfix:

service dkim-milter start
service postfix restart



Send an email to [email protected] or [email protected], you will receive a response stating if your setup is working correctly.



Updated rpms are always provided at

Share this page:

11 Comment(s)

Add comment

Please register in our forum first to comment.


By: Sajjad Haider Abbasi

Hi there,

It's really a very good tutorial. Steps were very easy to follow. I have couple questions for you. When I send email I get the following error in my maillog:

nov 17 21:27:37 mail2 dkim-filter[11742]: 9CA3CDAC64: no signature data

And when I send email to [email protected] and I get the following result:

DKIM Signature validation: not available
DKIM Author Domain Signing Practices: no DNS record for

Please can you help in this regard.



By: Anonymous

hello to every one i check this tutorial it is very good and use full , these days i m working with php and j scripting , there fore i just its  technicians , 

By: Anonymous

You can configure DKIM regardless of if you're using SPF. They don't affect one another at all.

By: Anonymous

I did exactly the same way asked to do.

But i could not make it work . I am using Zimbra on Debian 5.

Does it work for that kind of OS. Please let me know.

I don't get any error, but i don't get to validate a Domain key or DKIM verified.

 I used this source to test my email. Is there any specific port the email should go from ?

By: Anonymous


 Is possible to configure DKIM if I´m using SPF? My domain is hosted I created a txt record for SPF.

How can I combine them?


Best regards

By: Pankaj Garg


I used this document to install and use dkim-milter with zimbra 6 collaboration suite on CentOS 5.3. After implementing DKIM I am unable to receive incoming mails whereas outgoing mails are going without any problem. Could anyone please tell me what may be the reason.


Pankaj Garg

By: Alipour

I have same problem, do anyone solve this problem. i have used Centos 5.5X86_64 and zimbra 6.0.7.  when i remove  milter_protocol = 2 DKIM does not work. but also if i put them to the file No mail will be recieved.

By: Leif Hetlesaether

Everything works as a charm. I used rpm from the EPEL repository. Only had to modify the init script to use a port instead of a socket and tweak dkim-filter.conf a little bit.

Also added _adsp._domainkey     IN    TXT    "dkim=all" to my zonefile. Take a look at <url></url>  for an explanation.

Thanks for a great guide.

By: Anonymous

You shouldn't modify the init script.  Instead put custom changes in the /etc/sysconfig/dkim-milter file so they will persist even after an rpm update.

By: Simran Jeet Singh

in this lines:- 

smtpd_milters = inet:localhost:20209

non_smtpd_milters = inet:localhost:20209

can i replace loclhost with my Ip Address?

By: Mahendra Mahajan


Can you please help me out.

I wanted to setup 2 dkim in same server but i have little but confusion on it when i configure 2 dkim  i need to define 2 selector in opendkim configuration or need only one. Also domain need to use in opendkim configuration file,

Please suggest.