Muối Nhạt's site

Make notes and share experiences

Postfix – Config SPF, DKIM and DMARC

Below are some articles that I referred to when configuring SPF and DKIM on my self-hosted mail server.

1) SPF

The first article that I found: “Authenticating with SPF: -all or ~all”
And in more detail: “Configure SPF and DKIM With Postfix on Debian 8”

Below is my work. I was setting this up for a sub-domain of infotechviet.com, assuming that you have already configured the DNS records for your mail server, like this:

lcl A record – points to public mail ip 113.xxx.xx.12x
lcl MX record – mail handled by lcl.infotechviet.com
mail CNAME record – is an alias of lcl.infotechviet.com

So now, I am setting up my SPF like this:

lcl    TXT record  – has value as “v=spf1 a mx ip4:113.xxx.xx.12x include:lcl.infotechviet.com -all”

Otherwise:

lcl   TXT record  – has value as “v=spf1 a mx ip4:113.xxx.xx.12x -all”
(Each item in the value is optional: if you have a specific IP address, there is no need for the include option, or you can have multiple include options as you want:
– has value as “v=spf1 a mx ip4:113.xxx.xx.12x include:lcl.infotechviet.com include:mail.infotechviet.com -all”)

See the explanations in the links above.

If you’re using the Exchange Mail Online Service 365, you probably have a TXT record like this – for my root domain (i.e. infotechviet.com):

@    TXT record  – has value as “v=spf1 include:spf.protection.outlook.com -all”

 

2) DMARC

I currently have my DMARC set as below:

_dmarc.lcl   TXT record  – has value as “v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r”

Or if you’re using Exchange Mail Online Service 365, it will look like this – for my root domain (i.e. infotechviet.com):

_dmarc  TXT record  – has value as “v=DMARC1; p=none;”

Find the explanation at https://linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
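The SPF and DMARC values above can be checked offline before they go into DNS. The linter below is an added example, not code from the original post: it flags an include: that points back at the record's own domain (senders not matched by an earlier mechanism then get permerror instead of fail), more than 10 DNS-lookup terms, and a DMARC record without rua=. The function names and finding messages are assumptions; the record strings are copied from this page.

```python
import re

# SPF terms that trigger DNS queries; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}

# Record values copied from this page (the IP address is masked there too).
SPF_WITH_INCLUDE = "v=spf1 a mx ip4:113.xxx.xx.12x include:lcl.infotechviet.com -all"
SPF_WITHOUT = "v=spf1 a mx ip4:113.xxx.xx.12x -all"
DMARC_LCL = "v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r"

def lint_spf(domain, value):
    """Return findings for the SPF TXT value published at `domain`."""
    terms = value.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings, lookups = [], 0
    for term in terms[1:]:
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        lookups += name in LOOKUP_TERMS
        target = term.split(":", 1)[-1].rstrip(".").lower()
        if name == "include" and target == domain.lower():
            findings.append(f"{term} includes the record's own domain: lookup loop, permerror")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    last = terms[-1].lower()
    if last not in ("-all", "~all") and not last.startswith("redirect="):
        findings.append("record does not end in -all or ~all")
    return findings

def lint_dmarc(value):
    """Return findings for a _dmarc TXT value ('tag=value; tag=value')."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    if tags.get("p") not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif tags["p"] == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports arrive")
    return findings

if __name__ == "__main__":
    for rec in (SPF_WITH_INCLUDE, SPF_WITHOUT):
        print(rec, "->", lint_spf("lcl.infotechviet.com", rec))
    print(DMARC_LCL, "->", lint_dmarc(DMARC_LCL))
```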

 

3) DKIM – OpenDKIM

I was referring to some articles like this one: https://easyengine.io/tutorials/mail/dkim-postfix-ubuntu/
But actually, this article is the one that made things work: https://help.ubuntu.com/community/Postfix/DKIM#Common_errors_and_fixes

My work:

root@ubuntu:# apt install opendkim opendkim-tools

root@ubuntu:# vi /etc/opendkim.conf

# I prefer to use a wildcard, as suggested in
# https://help.ubuntu.com/community/Postfix/DKIM#Common_errors_and_fixes
# Domain example.com
  Domain * 
  KeyFile /etc/postfix/dkim.key
  Selector mail
  SOCKET inet:8891@localhost


root@ubuntu:# vi /etc/default/opendkim

# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
# DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
# THIS BELOW WAS MARKED AS COMMENT BY NGHIA LE
# SOCKET="local:/var/run/opendkim/opendkim.sock"
# listen on all interfaces on port 54321:
# SOCKET="inet:54321"
# listen on loopback on port 12345:
# SOCKET="inet:12345@localhost"
# listen on 192.0.2.1 on port 12345:
# SOCKET="inet:12345@192.0.2.1"
# Below was added by Nghia Le for DKIM Configuration
  SOCKET="inet:8891@localhost"

root@ubuntu:# vi /etc/postfix/main.cf

# Below was added by Nghia Le for DKIM Configuration
  milter_default_action = accept
  milter_protocol = 2
  smtpd_milters = inet:localhost:8891
  non_smtpd_milters = inet:localhost:8891


#Key generation for dkim-milter and its setup with DNS
root@ubuntu:# opendkim-genkey -t -s mail -d lcl.infotechviet.com

root@ubuntu:# cp mail.private /etc/postfix/dkim.key
root@ubuntu:# chown opendkim:opendkim /etc/postfix/dkim.key

root@ubuntu:# cat mail.txt
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; t=y; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCS+uGXm55i2E24CuSCyvLurVkGhTxjgtmXMFvmSXaduBSjLz8wqxgfCo/aBRG8fIqKpoTZy6Wc/QRd29xE0zKMxY2QX+oFJYjDco7fLuL1UTQv3OhhH/dr4RxUrf0V+XPsxlmUS/gDNl1wsRZyGQaogTmjgfLGJzrz901GOcIxXwIDAQAB" ) ; ----- DKIM key mail for lcl.infotechviet.com
# You will probably have to add this TXT record to your domain's DNS

root@ubuntu:# systemctl start opendkim.service
root@ubuntu:# systemctl restart postfix.service


END.

 
