I have TWO CentOS servers.

The first one was installed some weeks ago with two forums and sendmail to enable the Forum to send notifications to users.

I created an SPF and a DMARC Record for my Domain as well as a DKIM record for the domain.

Now I created a SECOND Centos server. It will be solely used as a mail server with Postfix and Dovecot.

Test mails show it is using the SPF and DMARC records, but I am at a loss of how to make postfix aware of DKIM as the DKIM record was created using opendkim on a different server.

Should I install opendkim on the second server or what?

Yes, that's what you need to do. There's any number of tutorials in using postfix with opendkim. You'll install it and then use the private keys from the existing server.

Unless you've a compelling reason I'd also suggest eventually replacing sendmail with postfix on the existing server.

1 members found this post helpful.

It does not matter what you use to create DKiM key pair or where you create it. It's just RSA key pair, you can as well use openssl, which I use
and then create TXT DNS record for [selector]._domainkey.mydomain containing public key "v=DKIM1; k=rsa; p=[your public key in a single line]"

You can use any string for selector and you can have as many selectors as you like for your domain. For example some companies send some email using third party and do not want to share their private key with them so they use different key pair with different selector for these emails. However if you manage both servers you can as well use the same selector and key for both.

On the second server you need to install OpenDKiM or any other DKiM signing software. Doesn't really matter what you choose as long as your private key and selector you use to sign your emails have matching public key and selector published in DNS.

Myself, I am using the same key pair for many domains to make it more manageable. Initially I tried having unique key pairs, but I ended up with hundreds of pairs and started getting lost. It's also easier to change your key pair if your private key becomes compromised.

1 members found this post helpful.

Yes, I closed down the Sendmail server completely. I installed Opendkim on the Postfix server and created a new keypair.

It took me some time to get the key into my DNS, after removing the " quotes and then trying to put it into one long line. The only way I managed to do it was to open my phpBB Click the Code and then paste the key into the Once I managed to get a single line I pasted it into my DNS and it works perfectly.

Thanks for the help and advice, guys.