diff --git a/data/hooks/conf_regen/28-rmilter b/data/hooks/conf_regen/28-rmilter
index 011856cd6..f505b6d99 100755
--- a/data/hooks/conf_regen/28-rmilter
+++ b/data/hooks/conf_regen/28-rmilter
@@ -7,8 +7,14 @@ do_pre_regen() {
 cd /usr/share/yunohost/templates/rmilter
+ # Install main configuration
 install -D -m 644 rmilter.conf \
 "${pending_dir}/etc/rmilter.conf"
+
+ # Install DKIM specific configuration
+ install -D -m 644 ynh_dkim.conf \
+ "${pending_dir}/etc/rmilter.conf.d/ynh_dkim.conf"
+
 # Remove old socket file (we stopped using it, since rspamd 1.3.1)
 # Regen-conf system need an empty file to delete it
 install -D -m 644 /dev/null \
@@ -21,8 +27,9 @@ do_post_regen() {
 # retrieve variables
 domain_list=$(sudo yunohost domain list --output-as plain --quiet)
- # create DKIM directory
+ # create DKIM directory with proper permission
 sudo mkdir -p /etc/dkim
+ sudo chown _rmilter /etc/dkim
 # create DKIM key for domains
 for domain in $domain_list; do
diff --git a/data/templates/rmilter/rmilter.conf b/data/templates/rmilter/rmilter.conf
index 829d76418..dcd13e9b7 100644
--- a/data/templates/rmilter/rmilter.conf
+++ b/data/templates/rmilter/rmilter.conf
@@ -1,5 +1,21 @@
 # systemd-specific settings for rmilter
+# DKIM signing
+# Defined before including /etc/rmilter.conf.common because rmilter seems to be
+# unable to override dkim{} settings, even if it's already defined in
+# /etc/rmilter.conf.d/ynh_dkim.conf
+dkim {
+ enable = true;
+ domain {
+ key = /etc/dkim;
+ domain = "*";
+ selector = "mail";
+ };
+ header_canon = relaxed;
+ body_canon = relaxed;
+ sign_alg = sha256;
+};
+
 .include /etc/rmilter.conf.common
 # pidfile - path to pid file
@@ -7,11 +23,6 @@ pidfile = /run/rmilter/rmilter.pid;
 bind_socket = unix:/var/spool/postfix/run/rmilter/rmilter.sock;
-# DKIM signing
-dkim {
- domain {
- key = /etc/dkim;
- domain = "*";
- selector = "mail";
- };
-};
+# include user's configuration
+.try_include /etc/rmilter.conf.local
+.try_include /etc/rmilter.conf.d/*.conf
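Review bot: `sudo chown _rmilter /etc/dkim` in do_post_regen makes the signing daemon's account the owner of the directory that holds the DKIM private keys, so that account can also create, replace or delete key files there, and the directory mode is left to whatever `mkdir -p` and the umask produce. If rmilter only needs to read the keys (the hunk does not show otherwise), root ownership with group access is the narrower grant: `sudo chown root:_rmilter /etc/dkim` followed by `sudo chmod 750 /etc/dkim`, assuming a `_rmilter` group exists on the system. The comment could then name the intended owner and mode instead of "proper permission". do_post_regen continues beyond the hunk, so the per-key ownership and mode set inside the loop are not visible here.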
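Review bot: The `dkim { … }` block added at the top of rmilter.conf is repeated verbatim in the new ynh_dkim.conf, which the `.try_include /etc/rmilter.conf.d/*.conf` line added in the second hunk of this file then loads as well. By the comment's own account a later definition does not override the first, so the copy under rmilter.conf.d appears to have no effect on signing, and a later change to `selector` or `sign_alg` made in only one of the two files would go unnoticed. Keep one source of truth, or mark the second copy as such with a header line in ynh_dkim.conf like `# Not authoritative: rmilter uses the dkim{} block in /etc/rmilter.conf`. The phrase "even if it's already defined in" would also read more accurately as "even when it is also defined in".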
diff --git a/data/templates/rmilter/ynh_dkim.conf b/data/templates/rmilter/ynh_dkim.conf
new file mode 100644
index 000000000..1e5598d06
--- /dev/null
+++ b/data/templates/rmilter/ynh_dkim.conf
@@ -0,0 +1,14 @@
+# DKIM signing
+# Note that DKIM signing should be done by rspamd in the near future
+# See https://github.com/vstakhov/rmilter/issues/174
+dkim {
+ enable = true;
+ domain {
+ key = /etc/dkim;
+ domain = "*";
+ selector = "mail";
+ };
+ header_canon = relaxed;
+ body_canon = relaxed;
+ sign_alg = sha256;
+};