Below are some articles that I referred to when configuring SPF and DKIM on my self-hosted mail server.
1) SPF
The first article that I found: “Authenticating with SPF: -all or ~all”
And more detail: “Configure SPF and DKIM With Postfix on Debian 8”
Below is my work. I was setting this up for a sub-domain of infotechviet.com, assuming that you have already configured the DNS records for your mail server like this:
lcl A record – points to public mail ip 113.xxx.xx.12x
lcl MX record – mail handled by lcl.infotechviet.com
mail CNAME record – is an alias of lcl.infotechviet.com
So now, I am setting up my SPF like this:
lcl TXT record – has value as “v=spf1 a mx ip4:113.xxx.xx.12x include:lcl.infotechviet.com -all”
Otherwise:
lcl TXT record – has value as “v=spf1 a mx ip4:113.xxx.xx.12x -all”
(Each item in the value is optional: if you have a specific IP address, there is no need for the include option, or you can have multiple include options as you want:
– has value as “v=spf1 a mx ip4:113.xxx.xx.12x include:lcl.infotechviet.com include:mail.infotechviet.com -all”)
See the explanation in the links above.
If you’re using the Exchange Mail Online Service 365, you probably have a TXT record like this – for my root domain (i.e. infotechviet.com):
@ TXT record – has value as “v=spf1 include:spf.protection.outlook.com -all”
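As an added example (not from the original post or the linked articles), here is a small offline linter for SPF values like the ones above. It flags an include: that names the record's own domain, which makes a receiver re-evaluate the same record until the 10-lookup limit of RFC 7208 section 4.6.4 returns permerror. The function name lint_spf and the address 192.0.2.10, which stands in for the masked IP, are assumptions.

```python
import ipaddress
import re
# Terms that cost a DNS lookup; RFC 7208 section 4.6.4 allows at most 10 per check.
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
TERM_RE = re.compile(r"([+\-~?]?)([A-Za-z0-9]+)(?:[:=/](.*))?$")

def lint_spf(domain, record):
    """Return a list of findings for the SPF TXT value published at `domain`."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    findings, lookups, all_qualifier = [], 0, None
    own = domain.lower().rstrip(".")
    for pos, term in enumerate(terms[1:], start=1):
        m = TERM_RE.match(term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier, name, value = m.group(1) or "+", m.group(2).lower(), m.group(3) or ""
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "include" and value.lower().rstrip(".") == own:
            # The evaluator re-reads this same record until the lookup limit trips.
            findings.append("include: names the record's own domain (loop, permerror)")
        elif name in ("ip4", "ip6"):
            try:
                ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"invalid address in {term}")
        elif name == "all":
            all_qualifier = qualifier
            if pos != len(terms) - 1:
                findings.append("terms after 'all' are never evaluated")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    if all_qualifier is None and "redirect=" not in record.lower():
        findings.append("no 'all' or redirect: unlisted senders evaluate to neutral")
    elif all_qualifier in ("+", "?"):
        findings.append(f"'{all_qualifier}all' does not fail unlisted senders")
    return findings
# Constructed inputs: the page's record shapes with its masked IP replaced by 192.0.2.10.
SAMPLES = [
    ("lcl.infotechviet.com", "v=spf1 a mx ip4:192.0.2.10 include:lcl.infotechviet.com -all"),
    ("lcl.infotechviet.com", "v=spf1 a mx ip4:192.0.2.10 -all"),
    ("infotechviet.com", "v=spf1 include:spf.protection.outlook.com -all"),
]
if __name__ == "__main__":
    for name, value in SAMPLES:
        print(name, "->", lint_spf(name, value) or "ok")
```

It counts only the terms written in the record itself; lookups made inside included records need a live DNS query to total up.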
2) DMARC
I am currently setting my DMARC as below:
_dmarc.lcl TXT record – has value as “v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r”
Or if you’re using Exchange Mail Online Service 365, it will be like this – for my root domain (i.e. infotechviet.com):
_dmarc TXT record – has value as “v=DMARC1; p=none;”
Find the explanation at https://linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
3) DKIM – OpenDKIM
I was referring to an article like this: https://easyengine.io/tutorials/mail/dkim-postfix-ubuntu/
But actually, this article is what made things work: https://help.ubuntu.com/community/Postfix/DKIM#Common_errors_and_fixes
My work:
    root@ubuntu:# apt install opendkim opendkim-tools

    root@ubuntu:# vi /etc/opendkim.conf
    # I prefer to use a wildcard as suggestion
    # https://help.ubuntu.com/community/Postfix/DKIM#Common_errors_and_fixes
    # Domain example.com
    Domain *
    KeyFile /etc/postfix/dkim.key
    Selector mail
    SOCKET inet:8891@localhost

    root@ubuntu:# vi /etc/default/opendkim
    # Command-line options specified here will override the contents of
    # /etc/opendkim.conf. See opendkim(8) for a complete list of options.
    # DAEMON_OPTS=""
    #
    # Uncomment to specify an alternate socket
    # Note that setting this will override any Socket value in opendkim.conf
    # default:
    # THIS BELOW WAS MARKED AS COMMENT BY NGHIA LE
    # SOCKET="local:/var/run/opendkim/opendkim.sock"
    # listen on all interfaces on port 54321:
    # SOCKET="inet:54321"
    # listen on loopback on port 12345:
    # SOCKET="inet:12345@localhost"
    # listen on 192.0.2.1 on port 12345:
    # SOCKET="inet:12345@192.0.2.1"
    # Below was added by Nghia Le for DKIM Configuration
    SOCKET="inet:8891@localhost"

    root@ubuntu:# vi /etc/postfix/main.cf
    # Below was added by Nghia Le for DKIM Configuration
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891

    #Key generation for dkim-milter and its setup with DNS
    root@ubuntu:# opendkim-genkey -t -s mail -d lcl.infotechviet.com
    root@ubuntu:# cp mail.private /etc/postfix/dkim.key
    root@ubuntu:# chown opendkim:opendkim /etc/postfix/dkim.key
    root@ubuntu:# cat mail.txt
    mail._domainkey IN TXT ( "v=DKIM1; k=rsa; t=y; "
      "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCS+uGXm55i2E24CuSCyvLurVkGhTxjgtmXMFvmSXaduBSjLz8wqxgfCo/aBRG8fIqKpoTZy6Wc/QRd29xE0zKMxY2QX+oFJYjDco7fLuL1UTQv3OhhH/dr4RxUrf0V+XPsxlmUS/gDNl1wsRZyGQaogTmjgfLGJzrz901GOcIxXwIDAQAB" ) ; ----- DKIM key mail for lcl.infotechviet.com
    #You properly have to add this TXT record to your domain

    root@ubuntu:# systemctl start opendkim.service
    root@ubuntu:# systemctl restart postfix.service

END.