How to Setup DomainKeys(DKIM) on Linux?
DKIM (DomainKeys Identified Mail) is a method of signing electronic emails using public-private key pair. DKIM is used by receiving mail server for identifying email, that they are sent by authorized mail servers. It also minimizes the possibility of getting emails SPAM.
How to Setup DomainKeys (DKIM) on ISPconfig?
Before using ISPconfig to generate DomainKeys, make sure opendkim is installed.
1. Login ISPconfig
Click Email>Domain>DomainKeys Identified Mail (DKIM).

2. Generate DomainKeys
How to Setup DomainKeys (DKIM) with Postfix on CentOS/Ubuntu/Debian?
Related link:
The following operations will take example.com as an example.
Ubuntu/Debian
1. Install opendkim Package
Install opendkim and opendkim-tools packages using following command.
sudo apt-get install opendkim opendkim-tools
2. Generate Key Pair
Create DKIM key pair using opendkim-genkey command line utility.
MYDOMAIN=example.com
mkdir -p /etc/mail/dkim-keys/$MYDOMAIN
cd /etc/mail/dkim-keys/$MYDOMAIN
opendkim-genkey -t -s mail -d $MYDOMAIN
The above command will generate two files default.private and default.txt. You can create multiple DKIM keys for different-2 domains and configure them with your postfix server.
3. Configure DKIM and POSTFIX
A. Edit the domain keys lists setting file /etc/mail/dkim.key and add the following entry.
*@example.com:example.com:/etc/mail/dkim-keys/example.com/dt.private
B. Edit DKIM configuration file /etc/opendkim.conf and update below values in configuration file.
Domain example.com
KeyFile /etc/mail/dkim.key
Selector mail
Socket inet:8892@localhost
Socket: the milter will listen on the socket specified here, Posfix will send messages to opendkim for signing and verification through this socket; 8892@localhost defines a TCP socket that listens on localhost.
Note: Port 8892 should be consistent with the value in the configuration file "/etc/postfix/main.cf", which can be changed as needed; If you need to change the key size (1024/2048), you can do so through the configuration file "/etc/opendkim.conf".
C. Edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file.
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
4.Configure DNS Entry
After configuring private key in the postfix server. There will be another file default.txt generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in /etc/opendkim/keys/example.com/default.txt/.
5.Restart Service
After making all the above configuration’s restart dkim and postfix services.
sudo service opendkim restart
sudo service postfix restart
6. Verify DKIM
A. Verify that DKIM is working properly and send a test email from the command line.
mail -vs "Test DKIM" test_email@gmail.com < /dev/null
B. Search for "Dkim-Signature" in emails we receive in our mailboxes, and you'll find something like the following:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
s=default.private; t=1402388963;
bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
h=Date:From:Message-Id:To:Subject;
b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=
CentOS
1. Install DKIM-milter
yum install opendkim
2. Generate Key Pair
A. Create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package.
MYDOMAIN=example.com
mkdir -p /etc/opendkim/keys/$MYDOMAIN
cd /etc/opendkim/keys/$MYDOMAIN
opendkim-genkey -r -d $MYDOMAIN
B. Set the proper permissions on the Keys directory.
chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys
3.Configure OpenDKIM
A. Edit the Opendkim configuration file and Add/Update the following entries in the file.
Mode sv
Socket inet:8891@localhost
Domain example.com
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
Note: Port 8891 should be consistent with the value in the configuration file "/etc/postfix/main.cf", which can be changed as needed; If you need to change the key size (1024/2048), you can do so through the configuration file "/etc/opendkim.conf".
B. Edit the domain keys lists setting file /etc/opendkim/KeyTable and add the following entry.
default._domainkey.example.com
example.com:default:/etc/opendkim/keys/example.com/default.private
C. Edit /etc/opendkim/SigningTable file and update following entry.
*@example.com default._domainkey.example.com
D. Edit /etc/opendkim/TrustedHosts file and update following entry.
mail.example.com
example.com
4. Configure Postfix
A. Edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
B. Finally start DKIM service using the following command.
service opendkim start
5.Configure DNS Entry
Edit your DNS zone file and add this as TXT record found in /etc/opendkim/keys/example.com/default.txt/.
6.Restart Service
After making all the above configuration’s restart dkim and postfix services
sudo service opendkim restart
sudo service postfix restart
7.Verify DKIM
A. Verify that DKIM is working properly and send a test email from the command line.
mail -vs "Test DKIM" test_email@gmail.com < /dev/null
B. Search for "Dkim-Signature" in emails we receive in our mailboxes, and you'll find something like the following:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
s=default.private; t=1402388963;
bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
h=Date:From:Message-Id:To:Subject;
b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=