DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity.

Or in simple words: if you don’t use it, yahoo mail systems will hates you (and many many others).

Let’s install and configure dkim-filter: aptitude install dkim-filter mkdir /etc/dkim cd /etc/dkim dkim-genkey Edit the default config in /etc/dkim-filter.conf Domain KeyFile /etc/dkim/default.private Selector Default Uncomment “Mode sv” to be sure that dkim-filter will both sign and verify signatures.

Now enable the socket that postfix will use to communicate with dkim-filter: /etc/default/dkim-filter SOCKET="inet:[email protected]"

Now instruct postfix about dkim-filter: /etc/postfix/ milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891

Restart dkim-filter and postfix.

The last step is load your public key, in a special TXT record for your domain that you can see on /etc/dkim/default.txt.


dkim-filter[15113]: 57E455841A external host foo attempted to send as

This will happen if you don’t force the clients to auth themself for relaying, but you configured a static subnet declaration on mynetwork ( postfix knows that the clients sending mail from this subnet are trusted, but dkim NOT!

For get that working you need to modify DAEMON_OPTS in /etc/default/dkim-filter: DAEMON_OPTS=" -i /etc/dkim/internal_hosts" and then, create /etc/dkim/internal_hosts: