====== Adding DKIM for New Domain ======

===== Problem =====
When sending emails from a new domain on existing server, you get DKIM Unaligned because the domain is not configured in OpenDKIM.

===== Solution Steps =====

==== 1. Add to KeyTable ====
<code bash>
echo "default._domainkey.domain.com domain.com:default:/etc/opendkim/keys/domain.com/default.private" >> /etc/opendkim/KeyTable
</code>

==== 2. Add to SigningTable ====
<code bash>
echo "*@domain.com default._domainkey.domain.com" >> /etc/opendkim/SigningTable
</code>

==== 3. Generate DKIM Keys ====
<code bash>
mkdir -p /etc/opendkim/keys/domain.com
opendkim-genkey -D /etc/opendkim/keys/domain.com -d domain.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/domain.com
</code>

==== 4. Add to TrustedHosts ====
<code bash>
echo "domain.com" >> /etc/opendkim/TrustedHosts
</code>

==== 5. Restart OpenDKIM ====
<code bash>
systemctl restart opendkim
</code>

==== 6. Update DNS ====
Get the public key:
<code bash>
cat /etc/opendkim/keys/domain.com/default.txt
</code>

Add the TXT record to your DNS zone:
<code>
default._domainkey.domain.com.    IN    TXT    "v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE"
</code>

===== Result =====
Emails from domain.com will now show DKIM Aligned ✓