diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index 9c9601d2..f624bffb 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -131,6 +131,12 @@ def _configure_opendkim(domain: str, dkim_selector: str = "dkim") -> bool:
     need_restart = False
 
     server.group(name="Create opendkim group", group="opendkim", system=True)
+    server.user(
+        name="Create opendkim user",
+        user="opendkim",
+        groups=["opendkim"],
+        system=True,
+    )
     server.user(
         name="Add postfix user to opendkim group for socket access",
         user="postfix",
@@ -138,11 +144,6 @@ def _configure_opendkim(domain: str, dkim_selector: str = "dkim") -> bool:
         system=True,
     )
 
-    apt.packages(
-        name="apt install opendkim opendkim-tools",
-        packages=["opendkim", "opendkim-tools"],
-    )
-
     main_config = files.template(
         src=importlib.resources.files(__package__).joinpath("opendkim/opendkim.conf"),
         dest="/etc/opendkim.conf",
@@ -208,6 +209,11 @@ def _configure_opendkim(domain: str, dkim_selector: str = "dkim") -> bool:
         present=True,
     )
 
+    apt.packages(
+        name="apt install opendkim opendkim-tools",
+        packages=["opendkim", "opendkim-tools"],
+    )
+
     if not host.get_fact(File, f"/etc/dkimkeys/{dkim_selector}.private"):
         server.shell(
             name="Generate OpenDKIM domain keys",