How to Configure DKIM, SPF and DMARC on Ubuntu 26.04

DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting and Conformance) are three DNS-based email authentication standards that protect your domain from spoofing and significantly improve email deliverability. This guide configures all three on Ubuntu 26.04 LTS with Postfix.

Tested and valid on:

• Ubuntu 26.04 LTS

Prerequisites

• Ubuntu 26.04 LTS with Postfix installed
• DNS access to your domain
• A user with sudo privileges

Step 1 – Install OpenDKIM

sudo apt install opendkim opendkim-tools -y

Step 2 – Generate DKIM Keys

sudo mkdir -p /etc/opendkim/keys/example.com
sudo opendkim-genkey -t -s mail -d example.com -D /etc/opendkim/keys/example.com/
sudo chown -R opendkim:opendkim /etc/opendkim/keys/

Step 3 – Configure OpenDKIM

sudo nano /etc/opendkim.conf

Set:

Domain                  example.com
KeyTable                /etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
Socket                  local:/var/spool/postfix/opendkim/opendkim.sock

echo 'mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private' | sudo tee /etc/opendkim/KeyTable
echo '@example.com mail._domainkey.example.com' | sudo tee /etc/opendkim/SigningTable
printf 'localhostn127.0.0.1nexample.comn' | sudo tee /etc/opendkim/TrustedHosts

Step 4 – Integrate OpenDKIM with Postfix

sudo mkdir -p /var/spool/postfix/opendkim
sudo chown opendkim:postfix /var/spool/postfix/opendkim
sudo nano /etc/postfix/main.cf

Add:

milter_protocol = 6
milter_default_action = accept
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

sudo systemctl restart opendkim postfix

Step 5 – Add DKIM DNS Record

sudo cat /etc/opendkim/keys/example.com/mail.txt

Add the TXT record to your DNS. It will look like:

mail._domainkey.example.com  IN TXT  "v=DKIM1; k=rsa; p=MIGfMA0GCSqG..."

Step 6 – Configure SPF DNS Record

Add a TXT record to your DNS:

example.com  IN TXT  "v=spf1 mx a ip4:YOUR_SERVER_IP ~all"

Step 7 – Configure DMARC DNS Record

Add a TXT record:

_dmarc.example.com  IN TXT  "v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100"

Verify all three at https://mxtoolbox.com.

Conclusion

DKIM, SPF, and DMARC are configured on Ubuntu 26.04 LTS. These DNS records authenticate your email, protect against spoofing, and dramatically improve deliverability to Gmail, Outlook, and other providers.