Among others, Google Gmail and Yahoo mail check your email for a DKIM signature.
Install and Configure OpenDKIM

1. Install OpenDKIM

apt-get install opendkim

Comment: This will install the latest available stable Debian packaged version of OpenDKIM which is currently 2.0.1. This version is already a couple of years old (2010).
If you know how/want to compile sources yourself, then the latest version is 2.4.3 (and 2.5.0 is right around the corner)

2. Edit the OpenDKIM config file

vim /etc/opendkim.conf

Add these rows:

KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts

Note: If you run multiple instances of Postfix you need to add this to the opendkim.conf for each instance (or the ones you want to use opendkim)

3. Edit /etc/opendkim/TrustedHosts

mkdir -p /etc/opendkim/
vim /etc/opendkim/TrustedHosts

Add domains, hostnames and/or ip’s that should be handled by OpenDKIM. Don’t forget localhost.

127.0.0.1
localhost

4. Edit /etc/default/opendkim

vim /etc/default/opendkim

Uncomment this row:

SOCKET=“inet:12345@localhost“ # listen on loopback on port 12345

Generate keys
Repeat these steps to generate keys for each domain you will send email from. Replace mydomain.com with your domain name in examples below.

1. Generate key

mkdir -p /etc/opendkim/keys/mydomain.com
cd /etc/opendkim/keys/mydomain.com
opendkim-genkey -r -d mydomain.com
chown opendkim:opendkim default.private

2. Add domain to KeyTable /etc/opendkim/KeyTable

vim /etc/opendkim/KeyTable

Add line

default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default.private

3. Add domain to SigningTable /etc/opendkim/SigningTable

vim /etc/opendkim/SigningTable

Add line:

mydomain.com default._domainkey.mydomain.com

Note that in OpenDKIM 2.0.1 domain names are case sensitive (supposed to be fixed from 2.3.1 but I have not tested).
This means that in the above example an email from info@mydomain.com will be signed, but an email from info@MyDomain.com will not be signed. The workaround is to add one extra entry for MyDomain.com to SigningTable.

4. Add to DKIM public key to DNS

Add an entry for the public key to the DNS server you are using for your domain. You find the public key here:

cat /etc/opendkim/keys/mydomain.com/default.txt

And insert it in your zone file
Start OpenDKIM

/etc/init.d/opendkim start

In the future, if you make any changes to configuration remember to restart: /etc/init.d/opendkim restart
Configure and Restart Postifx

1. Configure Postfix

vim /etc/postfix/main.cf

Add or edit these lines:

milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345

2. Restart Postfix

/etc/init.d/postfix reload

Log files are in the /var/log directory

cat /var/log/mail.log
cat /var/log/mail.warn
cat /var/log/mail.err

Log more info

vim /etc/opendkim.conf

Add this line:

LogWhy yes

Credits

Guides that have helped me along the way: Debian Tutorials and Syslog

Материалът dkim on debian with postfix е публикуван за пръв път на rosen4o.net.