diff --git a/playbook_mailserver.yml b/playbook_mailserver.yml
index 18adfc3..cd16ac4 100644
--- a/playbook_mailserver.yml
+++ b/playbook_mailserver.yml
@@ -20,3 +20,5 @@
 tags: dovecot
 - role: mailserver_rspamd
 tags: rspamd
+ - role: mailserver_dkim
+ tags: dkim
diff --git a/roles/mailserver_dkim/handlers/main.yml b/roles/mailserver_dkim/handlers/main.yml
new file mode 100644
index 0000000..7423418
--- /dev/null
+++ b/roles/mailserver_dkim/handlers/main.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Save DKIM TXT record to a file
+ become: true
+ ansible.builtin.copy:
+ content: "{{ dkim_txt_record.stdout }}"
+ dest: "/var/lib/rspamd/dkim/{{ virtual_domain }}.{{ dkim_selector }}.dns"
+ owner: root
+ group: root
+ mode: "640"
+
+- name: Print DKIM TXT record for the DNS zone
+ ansible.builtin.debug:
+ msg: "Don't forget to add this to your DNS zone:\n{{ dkim_txt_record.stdout }}"
diff --git a/roles/mailserver_dkim/tasks/main.yml b/roles/mailserver_dkim/tasks/main.yml
new file mode 100644
index 0000000..b9954d8
--- /dev/null
+++ b/roles/mailserver_dkim/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Create dkim directory for the key file
+ become: true
+ ansible.builtin.file:
+ path: /var/lib/rspamd/dkim
+ state: directory
+ owner: _rspamd
+ group: _rspamd
+ mode: "700"
+
+- name: Set DKIM selector
+ ansible.builtin.set_fact:
+ dkim_selector: "{{ '%Y%m%d01' | strftime }}"
+
+- name: Create keypair
+ become: true
+ ansible.builtin.command:
+ chdir: /var/lib/rspamd/dkim
+ cmd: "rspamadm dkim_keygen -d {{ virtual_domain }} -s {{ dkim_selector }} -k {{ virtual_domain }}.{{ dkim_selector }}.key"
+ creates: "/var/lib/rspamd/dkim/{{ virtual_domain }}.*.key"
+ register: dkim_txt_record
+ notify:
+ - Save DKIM TXT record to a file
+ - Print DKIM TXT record for the DNS zone
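Review bot: Saving the TXT record from a handler (`Save DKIM TXT record to a file` in roles/mailserver_dkim/handlers/main.yml) means the record can be lost if the play fails after the key is generated. Handlers run at the end of the play and are skipped by default when a later task fails; on the next run the `creates` guard skips keygen, so `dkim_txt_record.stdout` is no longer available and the private key is left without a saved public record. Consider making the save an ordinary task placed directly after `Create keypair` with `when: dkim_txt_record is changed`, and keeping only the debug reminder as a handler.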
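Review bot: The `Create keypair` command in roles/mailserver_dkim/tasks/main.yml passes no key length to `rspamadm dkim_keygen`, which as far as I know defaults to 1024-bit RSA. RFC 8301 recommends signing keys of at least 2048 bits, so adding `-b 2048` to `cmd` is worth doing now, because the `creates` glob keeps whatever key is generated first in place on every later run. The key is also written as root into a directory owned by `_rspamd`, and nothing in the hunk sets the owner or mode of the resulting `.key` file, so whether the rspamd service account can read it depends on rspamadm and root's umask. A follow-up `ansible.builtin.file` step with `owner: _rspamd`, `group: _rspamd` and `mode: "0600"`, run `when: dkim_txt_record is changed`, would pin that down.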