Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Ansible role for configuring Postfix with OpenDKIM, an implementation for Linux of DKIM mail signing. Works on Debian distributions and derived like Ubuntu.


This role configures DKIM mail signing service in a hosts that works as a Mail Transport Agent (MTA).

The role:

  • installs and configures opendkim,
  • creates private and public dkim keys for the domains it has to sign, declared in the dkim_domains variable,
  • installs postfix and configures it to pass all the messages of the configured domains to be signed by opendkim,
  • shows the DNS records with the public keys that must be defined in the public DNS of the domains we sign.


The role requires that you configure all the rest of the mail management and you will need to have access to the DNS configuration of the domains you are requesting to sign. At the end, the role will give you the DNS records with the public keys of the domains that you will have to publish in the global DNS system.

Role variable

See also comments and default values in role's file default/main.yml.

Opendkim package parameters

Variable Default value Description
dkim_default_config_file: /etc/default/opendkim Opendkim default values configuration file
dkim_opendkim_config_dir: /etc/opendkim Opendkim configuration directory
dkim_user: opendkim linux user that runs Opendkim
dkim_group: opendkim linux group that runs Opendkim

Opendkim configuration parameters

Variable Default value Description
dkim_selector: email DKIM Public Key DNS record's selector. The definition of a value specific to the MTA server allows to associate the same domain several DKIM Public Keys as DNS records, one for each server that manages and signs mail of the domain.
dkim_admin_email: none e-mail address that manages Opendkim. You must define either dkim_admin_email or legacy admin_email.
dkim_domains: none List of domains that Opendkim must be configured to sign the mails of. A yaml list of DNS.
dkim_same_key: true Whether Opendkim must generate and use the same key for all domains or one specific key for each domain.
dkim_rsa_keylen: 2048 RSA keylength when generating keys with opendkim-keygen. Other currently possible options are 1024 or 4096.

Postfix configuration variables

Variable Default value Description
dkim_postfix_config_file: /etc/postfix/ Postfix main configuration file
dkim_postfix_config: see vars/main.yml List of parameters to be defined in Postfix configuration. Default configuration ensures opendkim is set up as a milter of Postfix to sign mails. You can define additional Postfix parameters using a list union.

Example playbook

- hosts: myserver
    - role: sunfoxcz.dkim
      # if admin_email variable is present, will be used as default for dkim_admin_email
      dkim_admin_email: my@mail.tld
      dkim_selector: mail
       - domain1.tld
       - domain2.tld
      dkim_same_key: false


Licensed under MIT license. See LICENSE for details.


Ansible role for opendkim with postfix on ubuntu setup




No packages published

Contributors 4