By following these two guides: "Getting DKIM, DMARC and SPF to work with Postfix, OpenDKIM and OpenDMARC" and "How to eliminate spam and protect your name with DMARC" - I have installed and configured opendkim and opendmarc on my server, configured them (and Postfix) and added the accompanying DNS records, so now emails from
asjo.org get signed wit DKIM and I have set up DMARC records for the domains. (I had SPF-records set up a long ago already.)
Next year I'll get around to DNSSEC, I'm sure.
Update: if you have people with email adresses on your domain who use Gmail, they need to configure Gmail to use your smtp-server, and in
/etc/opendmarc.conf this option is needed:
IgnoreAuthenticatedClients true. Seems to work.