Sendmail DKIM

Created: — modified: — tags: e-mail

Signing sendmail messages with DKIM using OpenDKIM is easier then you think!

Update: Note that long after writing this guide, I've switched to Postfix as my mail server, so this guide was correct at the time of writing, it might be obsolete and/or incorrect at the time of reading.


Following Ubuntu's guide, execute this command:

sudo apt-get install opendkim opendkim-tools


First, think up a selector used for differentiating this key from others. If you have different means of sending an email from one, they might have different keys. For example I use Yandex mail for domain, which have their own set of private and public keys and use mail selector. So I decided to use sendmail as a selector for this one.

Key generation

Execute this command:

opendkim-genkey -t -s [selector]

This will generate two files: [selector].priv storing your private key and [selector].txt storing DNS record.

Move the *.priv file to an appropriate location on the server (for example, /etc/mail/dkim.key), and add contents of *.txt file to your DNS.


It depends on your provider and details of your setup, but generally it's about adding a TXT record for a [selector]._domainkey subdomain. Contents of this record is in the *.txt file generated by opendkim-genkey command.


Edit /etc/opendkim.conf file. You need to uncomment and change only these three lines:

Domain  [your domain]
KeyFile [keyfile]
Selector    [selector]

Where [keyfile] is a path to your private key.

Restart opendkim service:

sudo service opendkim restart


Find out the socket used by opendkim:

ps aux | grep opendkim

it's after -p parameter and usually is local:/var/run/opendkim/opendkim.sock

Edit /etc/mail/ file and add this line anywhere (f.ex, at the bottom):

INPUT_MAIL_FILTER(`opendkim', `S=local:/var/run/opendkim/opendkim.sock')

(change socket location if it's different in your case)

Finally, rebuild the sendmail config, as it's said on the top of file:



I believe you know how to send mail, but just in case:

To send a message to, use this command:

mail -s "Message subject" <<<"Message body"


To test how this stuff works, you can use one or more of autorespond email addresses listed at, like this:

echo "test message" | mail -s "DKIM test" checkmyauth@''