Set Up DKIM On Postfix With dkim-milter (CentOS 5.2)

Version 1.2
Author: Andrew Colin Kissa <andrew [at] topdog [dot] za [dot] net>

This howto has been superseded by


DKIM is an authentication framework which stores public-keys in DNS and digitally signs emails on a domain basis. It was created as a result of merging Yahoo's domainkeys and Cisco's Identified Internet mail specification. It is defined in RFC 4871.

We will be using the milter implementation of dkim on CentOS 5.2.



I provide Centos rpms for Dkim-milter at so we will install the latest version.

  • Install the rpm, ( 32bit and 64bit intel supported )

# wget
# rpm --import andrew_topdog-software.com_key.txt
#$(uname -i).rpm


Generate the Keys

# sh /usr/share/doc/dkim-milter-2.8.2/ -r -d <domain_name>

Replace <domain_name> with the domain name you will be signing the mail for. The command will create two files.

  • default.txt - contains the public key you publish via DNS
  • default.private - the private key you use for signing your email

Move the private key to the dkim-milter directory and secure it.

# mv default.private /etc/mail/dkim/default.key.pem
# chmod 600 /etc/mail/dkim/default.key.pem
# chown dkim-milt.dkim-milt /etc/mail/dkim/default.key.pem


DNS Setup

You need to publish your public key via DNS, client servers use this key to verify your signed email. The contents of default.txt is the line you need to add to your zone file a sample, is below

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB"

; ----- DKIM default for

Also add this to your zone file.

_ssp._domainkey IN TXT "t=y; dkim=unknown"



  • Create the file /etc/sysconfig/dkim-milter with the contents below overwriting the existing sample file that was installed by the rpm, Make sure you set the SIGNING_DOMAIN variable to the domain or domains you will be signing mail for.

EXTRA_ARGS="-h -l -D"


Configure Postfix

You need to add the following options to the postfix file to enable it to use the milter.

smtpd_milters = inet:localhost:20209
non_smtpd_milters = inet:localhost:20209

Append the dkim-milter options to the existing milters if you have other milters already configured.

Start dkim-milter and restart postfix

# service dkim-milter start
# service postfix restart



Send an email to [email protected] or [email protected], you will receive a response stating if your setup is working correctly. If you have a Gmail account you can send an email to that account and look at the message details similar to the picture below, you should see signed-by "your domain" if your setup was done correctly.


Previous versions



Updated rpms are always provided at

Share this page:

7 Comment(s)

Add comment


From: Zak Kinion

Lets say if my server is an A entry and MX entry,   and is on a seperate server than,  do I need to setup the dkim key as a subdomain, since [email protected] is where the mail is actually sent from?


 Like TXT t=y; o=- TXT v=DKIM1; g=*; k=rsa; .....

 Is there like    or should I use:  ????



From: orefalo

It does work, but you have to be careful about the certificate names, check the scripts and you will soon figure it out

From: Pamie

Can you elaborate the entire steps , 

I have minutely followed the above instructions but still it wont work.

Thank you.

From: Aguilar

Thank you very much for this tutorial, i followed this instructions and worked perfectly, i need this to participate of Yahoo Complaint Feedback

From: peter

Hi, I'm on centOS 5.3.  First of all my request is to also be clear how to specify the DNS for thos of us who don't host our own DNS (I have mine with - because when we input our txt fields there is no place to put "ssp" or "default" I think.  

 I've followed the instructions to the end, but unfortunately when I do 'service dkim-milter start' I get

 Starting DKIM milter (dkim-filter #0): dkim-filter: smfi_opensocket() failed                                                          [FAILED]

 Do I also need to open up another port manually?

 Thanks for your help!

From: Wosley

Hello to all,

First, big thanks for the tutorial.

I`ve fallow all steps but in the end i`ve got stuck with this:

Feb 18 15:07:56 **** postfix/cleanup[21151]: warning: cannot receive milters via service cleanup socket socket
Feb 18 15:07:56 **** postfix/smtpd[21143]: warning: premature end-of-input on public/cleanup socket while reading input attribute name
Feb 18 15:07:56 **** postfix/smtpd[21143]: warning: cannot send milters to service public/cleanup socket
Feb 18 15:07:56 **** postfix/smtpd[21143]: BA976B1D3D0: client=unknown[], sasl_method=LOGIN, sasl_username=johndoe
Feb 18 15:07:56 **** postfix/master[21136]: warning: process /usr/libexec/postfix/cleanup pid 21151 killed by signal 11
Feb 18 15:07:56 **** postfix/master[21136]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling

 If other ppl get the same errors maybe some clarification will be welcome on this tutorial.

Best regards,

From: Marvin Yoingco

I resolved this issue by disabling SELinux. Here's the link on how to do this.

 It seems that SELinux is blocking the access to the said interface:port.