Amavis DKIM setup

By | July 1, 2015


  1. I’m keeping the keys organised by year, this might change in the future
  2. If you omit the 1024 from the genrsa command it’ll generate 1024 keys. Its supplied here now to remind me to upgrade these to 2048 keys when the time is right (at present Easyspace don’t allow you to enter 2048 records – helpful)

Generate key for domain(s)

amavisd genrsa /usr/local/etc/amavisd/dkim/<year> 1024

amavisd genrsa /usr/local/etc/amavisd/dkim/ 1024

nano amavisd.conf and add something similar to dkim_key(‘’, ‘2048’, ‘/usr/local/etc/amavisd/dkim/2015/’); and save



# amavisd showkeys

to find out how you need to set up the DNS. Command spits out something like 3600 TXT (
 "v=DKIM1; p="

You need to reformat it a bit for Easyspace….

host :

data :

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2xPNPTmYuTCkvMIgONUd8vTPeFM0uJHlVMwxrfdyhFLIWr5C73jpWulyrEmn/3Ujkt8aemSqo2EB90UmEhvt0VVZtIV2ROLXm/HjJF+eHq617xUKx/f9218sGp+1D3dTMsai7N7Sdxt41WN3SgTlyjSL7/MifKPUNPKJkGeJV3wIDAQAB

Once DNS record published you can test by running…

# amavisd testkeys

Assuming amavisd’s test are a pass you can sync configuration accross all servers and restart amavisd-new on all servers.

Finally, perform an external test using either of the following services…