Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



20 Commits

Repository files navigation

Open Issues Pull Requests


The DKIM Rotator script will rotate all generated DKIM keys in a given key directory using the date as the selector and update GoDaddy with new TXT records. Only the Year and Month fields (YYYYMM) will be leveraged for the selector. This script can easily be modified if you wanted to add an additional serial number at the end.


In order for this script to successfully run, there are a few prereqs and assumptions to consider:

  • The opendkim-genkey, mv, cp, sed, and cat binaries need to have corrected paths set up in the declarations. The awk binary must be in the path of the script for a really goofy and unavoidable reason.
  • You have already installed opendkim and it's working swimmingly.
  • You define your working directory where your keys and key table files are. Right now its set as /etc/dkimkeys.
  • All keys that will be rotated are defined in your key table. Technically you don't need to have pre-existing keys, but it may bark an error on you when it tries to move the old key out of the way.
  • You are good with 2048-bit RSA keys and SHA256 for hashing (those are hard coded right now).
  • This now is integrated with GoDaddy's API to auto add the new TXT records to each domain.

Setting up DKIM

Getting DKIM going on your server is outside the scope of this document, but you can refer to this guide for a Debian/Postfix/DKIM setup. One quick note, there is still a mistake in this guide document. When generating keys, the proper -h flag is sha256, NOT rsa-sha256. You can also check out Debian's OpenDKIM guide.


Pretty simple. Just run the script and be sure you have met the prerequisites above.

Bugs & Contact

This script is provided to you free of charge with no expressed or implied warranty. USE AT YOUR OWN RISK. To file a bug, suggest a patch, or contact me, visit GitHub.