Skip to content
DKIM key management for keys stored in OpenLDAP
Python HTML Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


OpenDKIM is used to sign e-mail messages. It is able to fetch DKIM private keys from an LDAP Server. opendkim-manage is intended to write such private keys into an LDAP Server. opendkim-genzone - an OpenDKIM utility - is able to fetch these DKIM private keys from the LDAP Server, extract the public DKIM key and create files suitable for use with named(8) to publish these public keys in your DNS zone. If your OpenDKIM box has direct access to a primary DNS server, opendkim-manage can also do dynamic zone updates. Currently only one DNS server is supported.


This packages is (will be) well tested on Debian 9 (Stretch) and SuSE Linux Enterprise Server 11 (SLES_11). The following packages have to be pre-installed:

apt-get install --no-install-recommends python-setuptools
apt-get install --no-install-recommends python-dnspython
apt-get install --no-install-recommends python-ldap
apt-get install --no-install-recommends python-m2crypto

If you want to use the --color option, you also need to install:

apt-get install --no-install-recommends python-colorama

opendkim-manage is a tool to mange DKIM keys stored in OpenLDAP. It uses a modified version of the OpenDKIM LDAP schema, which is also shipped with this release. You can find the schema in the contrib folder as well as a sample configuration file. Please see also the file there for a structural overview.

There is nothing much to install. Simply place the opendkim-manage script somewhere into your bin-path, for example /usr/local/sbin. Edit your configuration and you are fine.

If you have tested the functionaility, you may add a cron job at the end that runs once a day:

@daily /usr/local/sbin/opendkim-manage --auto

If you find issues, you are welcome to use the issue tracker here at Github or send a pull request. Have fun...

You can’t perform that action at this time.