Haack's Wiki

User Tools

Site Tools

Trace: vmserver encryption selfhostedwp
computing:mailserver

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:mailserver [2025/05/02 17:10] oemb1905computing:mailserver [2025/05/15 19:21] (current) oemb1905
Line 187: Line 187:
    reject_unauth_destination,    reject_unauth_destination,
    check_policy_service unix:private/policyd-spf    check_policy_service unix:private/policyd-spf
 +
 +You also need to make sure that your spf policy is not set to reject emails by default. 
 +
 +  nano /etc/postfix-policyd-spf-python/policyd-spf.conf
 +  
 +Make sure that ''Fail'' is changed to ''False'' for the top two entries. The policy will ensure that those spf violations are logged, but the change to False ensures no email is lost as a result. 
 +
 +  HELO_reject = False
 +  Mail_From_reject = False
  
 Now, it is time to set up DKIM on your server. After creating the DKIM record/key on your server, you will need to create a corresponding TXT record for it to establish that anything over smtp with that signature is, in fact, you/your server. Let's install opendkim with ''sudo apt install opendkim opendkim-tools'' and add postfix to its group with ''sudo adduser postfix opendkim'' and then adjust the configuration in ''sudo nano /etc/opendkim.conf'' as follows: Now, it is time to set up DKIM on your server. After creating the DKIM record/key on your server, you will need to create a corresponding TXT record for it to establish that anything over smtp with that signature is, in fact, you/your server. Let's install opendkim with ''sudo apt install opendkim opendkim-tools'' and add postfix to its group with ''sudo adduser postfix opendkim'' and then adjust the configuration in ''sudo nano /etc/opendkim.conf'' as follows:
Line 256: Line 265:
   AuthservID OpenDMARC   AuthservID OpenDMARC
   TrustedAuthservIDs mail.yourdomain.com   TrustedAuthservIDs mail.yourdomain.com
-  RejectFailures true+  RejectFailures false #track only, do not stop at gate
   IgnoreAuthenticatedClients true   IgnoreAuthenticatedClients true
   RequireHeaders true   RequireHeaders true
Line 564: Line 573:
 These tools prove helpful if/when emails get stuck, etc. These tools prove helpful if/when emails get stuck, etc.
  
- --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/05/02 17:01//+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/05/15 19:19//
computing/mailserver.1746205858.txt.gz · Last modified: 2025/05/02 17:10 by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki