In this post I show how to create DKIM keys with opendkim for multiple domains and use them in Postfix on Debian. I used Debian Buster.
Step 1 – Install, configure and generate keys for the domains
apt install opendkim opendkim-tools
In the file /etc/opendkim.conf change Socket to inet:8892@localhost and add the lines:
KeyTable file:/etc/dkimkeys/keytable
SigningTable file:/etc/dkimkeys/signingtable
Now let's generate the keys for the domains. Repeat this command for every domain.
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d domain.com -s domaincom
The final step is to create the KeyTable/SigningTable files and add entries for your domains.
sudo -u opendkim nano /etc/dkimkeys/keytable
domaincom._domainkey.domain.com domain.com:domaincom:/etc/dkimkeys/domaincom.private
domain2com._domainkey.domain2.com domain2.com:domain2com:/etc/dkimkeys/domain2com.private
... (other domains)
Now the SigningTable file.
sudo -u opendkim nano /etc/dkimkeys/signingtable
domain.com domaincom._domainkey.domain.com
domain2.com domain2com._domainkey.domain2.com
... (other domains)
Done! Now just restart opendkim.
systemctl restart opendkim
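A typo in either table leaves a domain unsigned without any obvious error, so it is worth cross-checking the two files whenever they change. The script below is an added example, not part of the original post; the function name check_dkim_tables is hypothetical, and the name check assumes the selector._domainkey.domain naming used above.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check KeyTable and SigningTable.
# Prints one line per problem; returns non-zero if any problem was found.
check_dkim_tables() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip blank lines and comments

        # KeyTable line: <key name> <domain>:<selector>:<private key path>
        FILENAME == ARGV[1] {
            if (split($2, part, ":") != 3) {
                printf "keytable:%d: value is not domain:selector:path\n", FNR
                bad = 1
                next
            }
            # Naming convention used in this post, not an OpenDKIM requirement.
            if ($1 != part[2] "._domainkey." part[1]) {
                printf "keytable:%d: name %s does not match %s:%s\n", FNR, $1, part[1], part[2]
                bad = 1
            }
            keys[$1] = 1
            next
        }

        # SigningTable line: <sender domain> <key name>
        {
            if ($2 in keys) {
                used[$2] = 1
            } else {
                printf "signingtable:%d: %s refers to unknown key %s\n", FNR, $1, $2
                bad = 1
            }
        }

        END {
            for (k in keys) {
                if (!(k in used)) {
                    printf "keytable: key %s has no signingtable entry\n", k
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Run against the paths used in this post when they exist.
if [ -r /etc/dkimkeys/keytable ] && [ -r /etc/dkimkeys/signingtable ]; then
    check_dkim_tables /etc/dkimkeys/keytable /etc/dkimkeys/signingtable
fi
```

No output and exit status 0 mean every SigningTable entry points at a defined key and every key is in use.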
Step 2 – Configure Postfix
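This is very simple: just add the lines below to your main.cf. With milter_default_action = accept, Postfix keeps accepting mail (unsigned) if the opendkim milter is unavailable.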
milter_default_action = accept
smtpd_milters = inet:localhost:8892
non_smtpd_milters = $smtpd_milters
And restart Postfix.
Final Step – Add TXT entries for your domains
To use DKIM you must publish the public DKIM key for each domain. This is done by creating a TXT record in your DNS zone. The DNS record data is in the files /etc/dkimkeys/*.txt. Below I use domain.com as an example of the DNS entry that you need to add.
Type: TXT
Host: domaincom._domainkey
Value: v=DKIM1; h=sha256; k=rsa; p=...
That’s it.