diff --git a/opendkim/defaults/main.yml b/opendkim/defaults/main.yml
new file mode 100644
index 00000000..582c19d6
--- /dev/null
+++ b/opendkim/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+opendkim_is_active: True
diff --git a/opendkim/files/opendkim.conf b/opendkim/files/opendkim.conf
new file mode 100644
index 00000000..e881694b
--- /dev/null
+++ b/opendkim/files/opendkim.conf
@@ -0,0 +1,18 @@
+UserID opendkim
+Socket inet:54321:127.0.0.1
+PidFile /var/run/opendkim/opendkim.pid
+OversignHeaders From
+TrustAnchorFile /usr/share/dns/root.key
+Selector default
+Canonicalization relaxed/relaxed
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+LogResults Yes
+LogWhy Yes
+Mode sv
+SigningTable refile:/etc/opendkim/SigningTable
+Syslog Yes
+SyslogSuccess Yes
+TemporaryDirectory /var/tmp
+UMask 007
diff --git a/opendkim/handlers/main.yml b/opendkim/handlers/main.yml
new file mode 100644
index 00000000..ccf166a8
--- /dev/null
+++ b/opendkim/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: reload opendkim
+ systemd:
+ name: opendkim
+ state: reloaded
+
+- name: restart opendkim
+ systemd:
+ name: opendkim
+ state: restarted
diff --git a/opendkim/tasks/main.yml b/opendkim/tasks/main.yml
new file mode 100644
index 00000000..c5d6fb8e
--- /dev/null
+++ b/opendkim/tasks/main.yml
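Review bot: In opendkim/files/opendkim.conf, `Socket inet:54321:127.0.0.1` puts the milter on a loopback TCP port that every local account and process on the host can connect to, while `Mode sv` means the daemon signs for whatever it treats as internal. A Unix-domain socket, e.g. `Socket local:/var/run/opendkim/opendkim.sock` (path constructed for illustration), lets file permissions restrict access to Postfix, and the existing `UMask 007` would then govern the socket instead of, as far as I recall, only the PID file. If the TCP socket is kept deliberately (for example because Postfix runs chrooted), a `#` comment above the `Socket` line should say so and note that the port must match `smtpd_milters` in postfix/templates/packmail_main.cf.j2.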
@@ -0,0 +1,67 @@
+---
+- name: install OpenDKIM
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - opendkim
+ - opendkim-tools
+ tags:
+ - opendkim
+
+- name: create keys directory
+ file:
+ name: "{{ item }}"
+ state: directory
+ owner: opendkim
+ group: opendkim
+ mode: "0750"
+ with_items:
+ - '/etc/opendkim'
+ - '/etc/opendkim/keys'
+ tags:
+ - opendkim
+
+- name: add 127.0.0.1 to TrustedHosts
+ lineinfile:
+ dest: '/etc/opendkim/TrustedHosts'
+ line: '127.0.0.1'
+ create: True
+ owner: opendkim
+ group: opendkim
+ mode: "0640"
+ notify: reload opendkim
+ tags:
+ - opendkim
+
+- name: create config files
+ file:
+ name: "/etc/opendkim/{{ item }}"
+ state: touch
+ owner: opendkim
+ group: opendkim
+ mode: "0640"
+ with_items:
+ - 'KeyTable'
+ - 'SigningTable'
+ changed_when: False
+ tags:
+ - opendkim
+
+- name: copy OpenDKIM config
+ copy:
+ src: opendkim.conf
+ dest: /etc/opendkim.conf
+ mode: "0644"
+ force: yes
+ notify: restart opendkim
+ tags:
+ - opendkim
+
+- name: ensure opendkim is started and enabled
+ systemd:
+ name: opendkim
+ state: started
+ enabled: True
+ tags:
+ - opendkim
diff --git a/packmail/meta/main.yml b/packmail/meta/main.yml
index 06186051..2f99ef2c 100644
--- a/packmail/meta/main.yml
+++ b/packmail/meta/main.yml
@@ -4,6 +4,7 @@ dependencies:
 - { role: amavis }
 - { role: spamassasin }
 - { role: clamav }
+ - { role: opendkim }
 - { role: postfix, postfix_packmail: True, postfix_force_main_cf: True }
 - { role: dovecot }
 - { role: apache }
diff --git a/postfix/templates/packmail_main.cf.j2 b/postfix/templates/packmail_main.cf.j2
index 86a03768..2f0fb75f 100644
--- a/postfix/templates/packmail_main.cf.j2
+++ b/postfix/templates/packmail_main.cf.j2
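Review bot: In opendkim/tasks/main.yml, the tasks `create keys directory`, `add 127.0.0.1 to TrustedHosts` and `create config files` all set `owner: opendkim`, so the daemon account that parses untrusted mail can rewrite its own TrustedHosts, KeyTable and SigningTable. The service only needs to read those files; `owner: root` with `group: opendkim` and the existing `"0750"`/`"0640"` modes should keep them readable while removing write access from the service account. This is worth confirming against OpenDKIM's key-safety checks on first start. The `/etc/opendkim/keys` entry shares the same `with_items` loop and would need its own task if it is to stay owned by `opendkim`. The `copy OpenDKIM config` task sets no `owner`/`group` at all; stating `owner: root` and `group: root` there would make the intent explicit.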
@@ -417,3 +417,8 @@ transport_maps = hash:$config_directory/transport
 {% if amavis_is_active is defined and amavis_is_active == True %}
 content_filter = smtp-amavis:[127.0.0.1]:10024
 {% endif %}
+
+{% if opendkim_is_active is defined and opendkim_is_active == True %}
+smtpd_milters = inet:127.0.0.1:54321
+non_smtpd_milters = inet:127.0.0.1:54321
+{% endif %}
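Review bot: The added block sets `smtpd_milters` and `non_smtpd_milters` but not `milter_default_action`, whose Postfix default is `tempfail`. Unless it is set elsewhere in this template (only the tail is visible), all mail is deferred whenever opendkim is stopped or unreachable. The failure mode should be chosen explicitly inside the same `{% if %}`: `milter_default_action = accept` keeps mail flowing unsigned and unverified, while `tempfail` holds it, and a comment stating the choice would help either way. The port `54321` is hard-coded here and in opendkim/files/opendkim.conf, so a shared role variable would stop the two drifting apart. Because `content_filter` above hands mail to amavis, it is also worth checking in master.cf that the re-injection listener does not inherit `smtpd_milters`, otherwise messages may pass the milter twice (not verifiable from this hunk).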