Send mail with Postfix and DKIM, DMARC, SPF – records.

How do you run your own mail server and keep your mail out of spam?

You need to send your emails with proper DKIM, DMARC and SPF configuration!


  • Install all required software:
apt-get install opendkim opendkim-tools postfix-policyd-spf-python postfix-pcre
sudo adduser postfix opendkim


Configure opendkim

  • Create the opendkim keys directory:
mkdir -p /etc/opendkim/keys
  • Generate the keys:

cd /etc/opendkim/keys/
mkdir $DOMAIN
# opendkim-genkey writes mail.private and mail.txt into the current directory
cd $DOMAIN
opendkim-genkey -s mail -d $DOMAIN

Here mail is the selector name. Replace $DOMAIN with your domain name.

  • Create your signing table:
cat >>/etc/opendkim/SigningTable <<EOF
*@$DOMAIN mail._domainkey.$DOMAIN
EOF

cat /etc/opendkim/TrustedHosts

  • Create a key table:
cat > /etc/opendkim/KeyTable <<EOF
mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail.private
EOF
  • Add the file definitions to the /etc/opendkim.conf file:
AutoRestart             Yes
AutoRestartRate         10/1h
SyslogSuccess           Yes
LogWhy                  Yes
Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
Socket                  inet:12301@localhost
  • Make the opendkim daemon listen on the localhost TCP socket. Change: /etc/default/opendkim
  • Add a new Postfix milter that points at the opendkim socket. Add to /etc/postfix/
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

policyd-spf_time_limit = 3600
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    check_policy_service unix:private/policyd-spf

smtp_tls_security_level = may
# "export" would also allow export-grade ciphers; use at least "medium"
smtp_tls_ciphers = medium
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_loglevel = 1
  • Set permissions:
chown -R opendkim:opendkim /etc/opendkim
  • Edit /etc/postfix/ and add the following entry at the end:
policyd-spf  unix  -       n       n       -       0       spawn
    user=policyd-spf argv=/usr/bin/policyd-spf
  • Enable and start services:
systemctl enable postfix
systemctl restart postfix
systemctl enable opendkim
systemctl restart opendkim


Now configure DNS. Add all of the DNS records below:

  • SPF record.
TXT "v=spf1 -all"

replace with your domain.

  • Now you need to get a DKIM key.
cat /etc/opendkim/keys/$DOMAIN/mail.txt 

You can see something like this:

mail._domainkey IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+...)  ; ----- DKIM key mail 

Add this text record to the DNS system.

  • Turn on DMARC: IN TXT "v=DMARC1; p=none; sp=none;"
  • Test your email with Gmail or an online service like this: . Set selector = mail.
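
A small offline linter for the three TXT records above, as an added example that is not part of the original post. The function names and the filler key are assumptions. It joins the multi-string layout of mail.txt into the single value DNS should serve, and flags what the record strings shown on this page imply: "v=spf1 -all" on its own authorises no sending host, and "p=none" without rua= only monitors and returns no reports.

```python
import re

# Added example: function names and sample values are assumptions, not from the page.
def zone_txt_value(zone_text):
    """Join the quoted chunks of a zone-file TXT record (mail.txt layout)."""
    return "".join(re.findall(r'"([^"]*)"', zone_text))

def parse_tags(value):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip().lower()] = "".join(val.split())
    return tags

def lint_spf(value):
    terms = value.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    # Only "all" terms (or nothing) after v=spf1 means no host is ever authorised.
    if all(t.lstrip("+-~?").lower() == "all" for t in terms[1:]):
        return ["no mechanism authorises any sending host"]
    return []

def lint_dkim(value):
    p = parse_tags(value).get("p", "")
    if not p:
        return ["empty or missing p=: no usable public key"]
    if len(p) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", p):
        return ["p= is not clean base64 (truncated or mis-pasted)"]
    return []

def lint_dmarc(value):
    tags = parse_tags(value)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    if tags.get("p", "none").lower() == "none":
        findings.append("p=none: monitoring only, no action requested on failures")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports will be sent to you")
    return findings

# Constructed sample in mail.txt layout; the p= value is filler, not a real key.
MAIL_TXT = '''mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
    "p=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo" "wMTIzNDU2Nzg5" )  ; ----- DKIM key mail'''

if __name__ == "__main__":
    print(lint_spf("v=spf1 -all"), lint_dkim(zone_txt_value(MAIL_TXT)), lint_dmarc("v=DMARC1; p=none; sp=none;"))
```

Pasting only the first quoted chunk of the p= value into DNS is the usual mistake with 2048-bit keys; lint_dkim reports that case as truncated.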
