Cheap VPS & Xen Server

Residential Proxy Network - Hourly & Monthly Packages

Quick And Easy Setup For DomainKeys Using Ubuntu, Postfix And Dkim-Filter

This is a quick tutorial for setting up DomainKeys on Ubuntu (I used 6.06LTS – but should work the same on others) using dkim-filter with Postfix so emails from your domain will not constantly end up in Yahoo’s spam filter.

First install dkim-filter from the respositories:

sudo apt-get install dkim-filter

Next create a location for storing the public and private keys required:

sudo mkdir /var/dkim-filter

Enter into that directory and create keys:

cd /var/dkim-filter

sudo openssl genrsa -out private.key 1024

sudo openssl rsa -in private.key -out public.key -pubout -outform PEM

Edit dkim-filter configuration file, almost everything is commented out by default. Here is a copy of my config. Replace DOMAIN.TLD with your domain name.

# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
#UMask 002
# Sign for with key in /etc/mail/dkim.key using
# selector ‘2007’ (e.g.
KeyFile /var/dkim-filter/private.key
Selector mail

# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart no
Background yes
Canonicalization simple
DNSTimeout 5
Mode sv
SignatureAlgorithm rsa-sha256
SubDomains no
UseSSPDeny no
X-Header no

At this point you should be able to successfully start the service and check for any errors in the syslog.

sudo /etc/init.d/dkim-filter start

Now add the selector and public key info into your DNS zone file. Change the DOMAIN.TLD to match your domain name, and add the key contents from: /var/dkim-filter/public.key after the p=

Make sure there are no spaces or line breaks!


mail._domainkey.DOMAIN.TLD. IN TXT “k=rsa; t=y; p=MIGfKh1FC…..bfQIDAQAB”

Edit the Postfix configuration file…

sudo vi /etc/postfix/

… and add the following to the bottom of the file:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Next restart BIND and Postfix:

sudo /etc/init.d/bind9 restart

sudo /etc/init.d/postfix restart

Test by sending a mail to a Yahoo account, check the header for DomainKeys status.