Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


opendkim (4) Versions 2.0.0

Installs and configures OpenDKIM: Open source implementation of the DKIM (Domain Keys Identified Mail) sender authentication system.

cookbook 'opendkim', '~> 2.0.0', :supermarket
cookbook 'opendkim', '~> 2.0.0'
knife supermarket install opendkim
knife supermarket download opendkim
Quality 17%

OpenDKIM Cookbook


Cookbook Version
Dependency Status
Code Climate
Build Status
Coverage Status
Inline docs

Installs and configures OpenDKIM: Open source implementation of the DKIM (Domain Keys Identified Mail) sender authentication system.


Supported Platforms

This cookbook has been tested on the following platforms:

  • Amazon Linux
  • CentOS
  • Debian
  • Fedora
  • FreeBSD
  • Oracle Linux
  • RedHat
  • Scientific Linux
  • Ubuntu

Please, let us know if you use it successfully on any other platform.

Required Cookbooks

Required Applications

  • Chef 12 or higher.
  • Ruby 2.2 or higher.


Attribute Default Description
node['opendkim']['conf'] calculated OpenDKIM configuration hash.

Some cookbook attributes are used internally to support the different platforms. Surely you want to change them if you want to support new platforms or want to improve the support of some platforms already supported.

Attribute Default Description
node['opendkim']['conf_file'] calculated OpenDKIM Configuration file path.
node['opendkim']['service']['name'] calculated OpenDKIM system service name.
node['opendkim']['service']['supports'] calculated OpenDKIM service supported actions.
node['opendkim']['packages']['tools'] calculated OpenDKIM tools package name as array (currently unused).
node['opendkim']['packages']['service'] %w(opendkim) OpenDKIM daemon package name as array.
node['opendkim']['run_dir'] '/var/run/opendkim' OpenDKIM run directory used for the pidfile and as home for the system user.
node['opendkim']['user'] 'opendkim' OpenDKIM system user name.
node['opendkim']['group'] 'opendkim' OpenDKIM system group.



Installs and configures OpenDKIM.

Usage Examples

Including in a Cookbook Recipe

You can simply include it in a recipe:

include_recipe 'opendkim'

Don't forget to include the opendkim cookbook as a dependency in the metadata.

# metadata.rb
# [...]

depends 'opendkim'

Including in the Run List

Another alternative is to include the default recipe in your Run List:

  "name": "",
  "[...]": "[...]",
  "run_list": [

Reading the Key from a Chef Vault Bag

This is a complete example that reads the DKIM key from a chef vault bag using the chef-vault cookbook. The txt field is completely optional.

For more information about this configuration options, see opendkim.conf(5) and opendkim(8).

domain = ''
selector = '20150522'
key_name = "#{selector}._domainkey.#{domain} "\

directory '/etc/opendkim' do
  mode '00755'

# Configure and Create OpenDKIM Tables

# Defines a table that will be queried to convert key names to sets of data of
# the form (signing domain, signing selector, private key). The private key can
# either contain a PEM-formatted private key, a base64-encoded DER format
# private key, or a path to a file containing one of those.
node.default['opendkim']['conf']['KeyTable'] = 'refile:/etc/opendkim/KeyTable'

file '/etc/opendkim/KeyTable' do
  mode '00644'
    "#{key_name} "\

# Defines a dataset that will be queried for the message sender's address
# to determine which private key(s) (if any) should be used to sign the
# message. The sender is determined from the value of the sender
# header fields as described with SenderHeaders above. The key for this
# lookup should be an address or address pattern that matches senders;
# see the opendkim.conf(5) man page for more information. The value
# of the lookup should return the name of a key found in the KeyTable
# that should be used to sign the message. If MultipleSignatures
# is set, all possible lookup keys will be attempted which may result
# in multiple signatures being applied.
node.default['opendkim']['conf']['SigningTable'] =

file '/etc/opendkim/SigningTable' do
  mode '00644'
  content "*@#{domain} #{key_name}\n"

# Install OpenDKIM

include_recipe 'opendkim'

# Read DKIM keys from chef-vault

# node#save avoids chef-vault chicken & egg problem (a bit tricky) unless Chef::Config[:solo]
include_recipe 'chef-vault'
key = chef_vault_item('dkim_keys', domain)

# Create the credential files

directory "/etc/opendkim/keys/#{domain}" do
  owner node['opendkim']['user']
  group node['opendkim']['group']
  recursive true

file "/etc/opendkim/keys/#{domain}/#{selector}.private" do
  owner node['opendkim']['user']
  group node['opendkim']['group']
  mode '00640'
  sensitive true if Chef::Resource.method_defined?(:sensitive)
  content key['private']

# The txt is optional
file "/etc/opendkim/keys/#{domain}/#{selector}.txt" do
  owner node['opendkim']['user']
  group node['opendkim']['group']
  mode '00644'
  content key['txt']
  only_if { key['txt'].is_a?(String) }

The vault bag content example:

  "id": "",
  "private": "-----BEGIN RSA PRIVATE KEY-----\n [...] \n-----END RSA PRIVATE KEY-----\n",
  "txt": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB [...]"

The knife command to create the vault bag item:

$ knife vault create dkim_keys [...]

See the Chef-Vault documentation to learn how to create chef-vault bags.

Integrate OpenDKIM with Postfix

We are using the postfix-full cookbook in this example:

opendkim_port = 8891

# Configure Postfix
node.default['postfix']['main']['milter_protocol'] = 2
node.default['postfix']['main']['milter_default_action'] = 'accept'
node.default['postfix']['main']['smtpd_milters'] =
node.default['postfix']['main']['non_smtpd_milters'] =

# [...]
include_recipe 'postfix-full'

# Configure OpenDKIM
node.default['opendkim']['conf']['Mode'] = 'sv'
node.default['opendkim']['conf']['Socket'] = "inet:#{opendkim_port}@localhost"

# [...]
include_recipe 'opendkim'

DNS Resource Record TXT Example

This a DNS TXT record example based on the examples above: 21599 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB [...]"

Deploy with Docker

You can use the Dockerfile included in the cookbook source code to run the cookbook inside a container:

$ docker build -t chef-opendkim .
$ docker run -d -p 8891:8891 chef-opendkim

The sample Dockerfile:

FROM zuazo/chef-local:debian-7

COPY . /tmp/opendkim
RUN berks vendor -b /tmp/opendkim/Berksfile $COOKBOOK_PATH
RUN chef-client -r "recipe[apt],recipe[opendkim]"


CMD ["/usr/sbin/opendkim", "-f", "-x", "/etc/opendkim.conf", "-u", "opendkim", "-P", "/var/run/opendkim/"]

See the chef-local container documentation for more examples.

Testing Your Email DKIM Configuration

You can send an empty email to to check that everything works correctly.




Please do not hesitate to open an issue with any questions or problems.




License and Author

Author: Raul Rodriguez (
Author: Xabier de Zuazo (
Contributor: Michael Burns
Copyright: Copyright (c) 2015, Xabier de Zuazo
Copyright: Copyright (c) 2015, Onddo Labs, SL.
License: Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Change Log

All notable changes to the opendkim cookbook will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

2.0.0 - 2017-03-31

Added in 2.0.0

  • Chef 13 support.
  • metadata: Add chef_version.
  • README: Add GitHub badge.

Changed in 2.0.0

  • CHANGELOG: Follow "Keep a CHANGELOG".

Removed in 2.0.0

  • Drop Chef < 12 and Ruby < 2.2 support.

Improved in 2.0.0

  • README: Add doc and license badges.
  • Improve TESTING documentation.
  • Update RuboCop to 0.48.

1.0.0 - 2015-09-03

Addeed in 1.0.0

  • Add Oracle Linux and Scientific Linux support.
  • metadata: Add source_url and issues_url links.

Fixed in 1.0.0

  • Fix Ubuntu 15.04 support.

Changed in 1.0.0

  • Update contact information and links after migration.

Improved in 1.0.0

  • Improve platforms support using node['platform_family'] node attribute.
  • Gemfile: Update RuboCop to 0.33.0.

0.2.0 - 2015-07-06

Added in 0.2.0

Improved in 0.2.0

  • README: Fix and improve some examples.
  • Update RuboCop to 0.32.1.

0.1.0 - 2015-05-21

  • Initial release of opendkim.

Collaborator Number Metric

2.0.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

2.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Foodcritic Metric

2.0.0 failed this metric

FC069: Ensure standardized license defined in metadata: opendkim/metadata.rb:1
FC072: Metadata should not contain "attribute" keyword: opendkim/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric

2.0.0 passed this metric

Testing File Metric

2.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Version Tag Metric

2.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must include a tag that matches this cookbook version number