When sending emails from a new domain on existing server, you get DKIM Unaligned because the domain is not configured in OpenDKIM.
echo "default._domainkey.domain.com domain.com:default:/etc/opendkim/keys/domain.com/default.private" >> /etc/opendkim/KeyTable
echo "*@domain.com default._domainkey.domain.com" >> /etc/opendkim/SigningTable
mkdir -p /etc/opendkim/keys/domain.com opendkim-genkey -D /etc/opendkim/keys/domain.com -d domain.com -s default chown -R opendkim:opendkim /etc/opendkim/keys/domain.com
echo "domain.com" >> /etc/opendkim/TrustedHosts
systemctl restart opendkim
Get the public key:
cat /etc/opendkim/keys/domain.com/default.txt
Add the TXT record to your DNS zone:
default._domainkey.domain.com. IN TXT "v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE"
Emails from domain.com will now show DKIM Aligned ✓