Courier MTA and DKIM
Not only is DKIM important for email security, but with changes in Google’s mail filtering it’s becoming necessary to support. Thanks to Alessandro Vesely, the author of zdkimfilter, it’s fairly easy to set up with Courier MTA on Linux. These instructions cover Redhat/CentOS 7, but can be adapted to other flavors of Linux.
To begin with, you’ll need to make sure a few things are installed, one of which requires a third-party (but popular and reliable) repo.
Add the ELRepo repository:
rpm -ivh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Now install a few required packages that you might not currently have on your system:
yum install libbsd-devel libunistring-devel uuid uuid-devel
Now a couple of packages directly from fedoraproject.org (you might want to check for newer releases first, but these are current as of this article):
rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/l/libidn2-0.10-1.el7.x86_64.rpm http://dl.fedoraproject.org/pub/epel/7/x86_64/l/libidn2-devel-0.10-1.el7.x86_64.rpm
Download the latest version of OpenDKIM from: http://sourceforge.net/projects/opendkim/files/
Compile and install OpenDKIM:
tar xvfz opendkim-2.10.3.tar.gz
cd opendkim-2.10.3
./configure --prefix=/usr --libdir=/usr/lib64 --disable-filter
make -j4
make install
ldconfig
Download zdkimfilter at: http://www.tana.it/sw/zdkimfilter/zdkimfilter.html
Compile and install zdkimfilter:
tar xvfz zdkimfilter-1.5.tar.gz
cd zdkimfilter-1.5
./configure --prefix=/usr/local
make -j4
make install
Create the zdkimfilter config file from the distribution version (this assumes Courier’s configuration files are in /etc/courier):
mv /etc/courier/filters/zdkimfilter.conf.dist /etc/courier/filters/zdkimfilter.conf
Create the key directory and set permissions:
mkdir /etc/courier/filters/keys
chmod 750 /etc/courier/filters/keys
chown root:courier /etc/courier/filters/keys
Generate your DKIM keys (change domain.com and selector to suit your needs). Read about the opendkim-genkey parameters at: http://www.opendkim.org/opendkim-genkey.8.html
You’ll need to specify your own domain instead of domain.com and a unique selector name on your server (instead of selector).
opendkim-genkey -b 2048 -d domain.com -D /etc/courier/filters/keys -s selector -r --nosubdomains -v
chmod 640 /etc/courier/filters/keys/selector.*
chown root:courier /etc/courier/filters/keys/selector.*
ln -s selector.private /etc/courier/filters/keys/domain.com
Retrieve your public key for adding to your DNS:
cat /etc/courier/filters/keys/selector.txt
Add a TXT record to your DNS using the record info in the selector.txt file. The name of the TXT record looks like swmail._domainkey (that is, your selector name followed by ._domainkey) and the value is the section that starts with "v=DKIM1;" up until: " ) ; ----- DKIM key
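The copy-and-paste step above is where most mistakes happen, so here is an added example (not part of the original article or of OpenDKIM/zdkimfilter) that flattens the multi-string record in selector.txt into the single TXT value and checks that its p= tag matches the private key. The function names are hypothetical, the sample record is constructed with fake key material, and dkim_check assumes openssl is installed.

```sh
#!/bin/sh
# Added example (not from the article): helper names are hypothetical.

# Constructed sample in the layout opendkim-genkey writes; key material is fake.
SAMPLE='selector._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
      "p=RkFLRS1LRVktUEFSVC0x"
      "RkFLRS1LRVktUEFSVC0y" )  ; ----- DKIM key selector for domain.com'

# Join the quoted strings of a zone-file TXT record (stdin) into the single
# value a DNS control panel expects, dropping the parentheses and comment.
dkim_txt_value() {
    tr '\n' ' ' | grep -o '"[^"]*"' | tr -d '"\n'
}

# Print only the base64 public key carried in the p= tag of the record on stdin.
dkim_p_tag() {
    dkim_txt_value | tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p' | tr -d '[:space:]'
}

# Derive the same base64 string from the private key with openssl.
dkim_pub_from_private() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Succeed only when the record file and the private key belong together.
# usage: dkim_check /etc/courier/filters/keys/selector.txt \
#                   /etc/courier/filters/keys/selector.private
dkim_check() {
    have=$(dkim_p_tag < "$1")
    want=$(dkim_pub_from_private "$2")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Demonstration on the constructed sample: prints the flattened TXT value.
printf '%s\n' "$SAMPLE" | dkim_txt_value
echo
```

dkim_p_tag also accepts the output of dig +short TXT selector._domainkey.domain.com, so once the record is live the published key can be compared with the one on disk.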
Once you’ve created your DNS record, go ahead and start the filter:
filterctl start zdkimfilter
You can check your log files for details. Adjust the verbose option in the zdkimfilter.conf if you need to troubleshoot. Just restart the filter when you make changes.
By now you’ve probably been using (and should have been) SPF records (note that only the TXT record is used now, not the old SPF type records). You’ll now also want to include a DMARC record. More on that later.
