My OpenDKIM Notes


These are my OpenDKIM notes for anyone running into OpenDKIM problems. You are reading this message for one reason Your email messages are not signed by dkim, and you want to figure out why.

Note: Email Debugger should be able to fix all below errors for you.

CyberPanel use OpenDKIM with Postfix to add DKIM signatures to emails.

Step 1: Check if OpenDKIM signature is added

Go on command line and run

journalctl -f | grep opendkim

Then send email from SnappyMail, do you get an output like

root@cyberpanel:~# journalctl -f | grep dkim
Jan 10 10:49:17 opendkim[579]: 3447740AAD: DKIM-Signature field added (s=default,

The output above shows that DKIM signature is added and working.

Well if there is no output then obviously OpenDKIM is not working. Either postfix is not able to communicate with OpenDKIM or OpenDKIM is running but not working as it should. Move on to read further.

Step 2: OpenDKIM is listening on port 8891?

If DKIM signature field is not getting added, then see if port 8891 is occupied by OpenDKIM or not

root@ubuntu-default-mariadb-install-check:~# lsof -i:8891
opendkim 292040 opendkim    3u  IPv4 1710032      0t0  TCP localhost:8891 (LISTEN)

In this case as you can see opendkim is listening on port 8891, if not then you have to edit


Open this file and replace any instance of Socket value

Socket			inet:8891
Socket			local:/var/spool/postfix/opendkim/opendkim.sock

These or more possible values of Socket variable are not right, make sure it looks like

Socket			inet:8891@localhost

then restart opendkim

systemctl restart opendkim

Then check again and OpenDKIM should be listening on port 8891.

Step 3: Check if your domain is present in OpenDKIM conf

Domain must be in Keytable, SigningTable and TrustedHosts files


Let say our domain is, so example of above files for this domain should be

KeyTable cyberpanel.netdefault:/etc/opendkim/keys/




If you have multiple domains for each domain you will have similar entries in all of those files.

If they are not present, add them and restart OpenDKIM.

If you don’t know what you are doing just reset email configs using Email Debugger

Bonus: Command to generated DKIM keys

opendkim-genkey -D /etc/opendkim/keys/ -d -s default

Bonus 2: OpenDKIM and RSPAMD

If you are using RSPAMD and unable to get DKIM working then,

I found the solution to RSPAMD problem, first disable dkim skining in rspamd

nano /etc/rspamd/local.d/dkim_signing.conf

add following in this file

enabled = false;

then run following on cli

systemctl restart rspamd.service

Then open your postfix conf

nano /etc/postfix/

You will see something like at the very end of your postfix conf.

smtpd_milters = inet:
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

tls_server_sni_maps = hash:/etc/postfix/

smtpd_milters = inet:
non_smtpd_milters = inet:

Convert it to

smtpd_milters = inet:, inet:
non_smtpd_milters = inet:, inet:
milter_default_action = accept

Then restart postfix

systemctl restart postfix

Basically you should only have one instance of smtpd_milters and non_smtpd_milters. You can combine them into a single entry as I’ve done above.

To be continued…

1 Like

Done. Thank you!