| Both sides previous revisionPrevious revision | |
| computing:spfdkim [2019/12/30 02:14] – oemb1905 | computing:spfdkim [2022/12/11 05:50] (current) – oemb1905 |
|---|
| {{ :computing:dmarc.png |}} | {{ :computing:dmarc.png |}} |
| |
| A big thanks to this hacker for finally providing a sensible tutorial to riff off of: [[https://www.stavros.io/posts/how-properly-configure-google-apps-email/|Stavros' Stuff]]. Also, thanks to this hacker [[https://www.linuxbabe.com/mail-server/create-dmarc-record|Linuxbabe]] for her tutorial. | Some folks want to set up DKIM on their own email server instead of just with Google Workspace. If that's so, here's what you need to do: |
| |
| --- //[[jonathan@haacksnetworking.com|oemb1905]] 2019/12/30 02:13// | sudo apt install opendkim opendkim-tools |
| | sudo adduser postfix opendkim |
| | sudo nano /etc/opendkim.conf |
| | <Canonicalization relaxed/simple> |
| | <Mode sv> |
| | <SubDomains no> |
| | <Nameservers 8.8.8.8,1.1.1.1> |
| | <KeyTable refile:/etc/opendkim/key.table> |
| | <SigningTable refile:/etc/opendkim/signing.table> |
| | <ExternalIgnoreList /etc/opendkim/trusted.hosts> |
| | <InternalHosts /etc/opendkim/trusted.hosts> |
| | |
| | Now that the configuration for DKIM is ready, let's create the keys and content for the locations specified above: |
| | |
| | sudo mkdir -p /etc/opendkim/keys |
| | sudo chown -R opendkim:opendkim /etc/opendkim |
| | sudo chmod 711 /etc/opendkim/keys |
| | sudo nano /etc/opendkim/signing.table |
| | <*@example.com default._domainkey.example.com> |
| | <*@*.example.com default._domainkey.example.com> |
| | sudo nano /etc/opendkim/key.table |
| | <default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private> |
| | sudo nano /etc/opendkim/trusted.hosts |
| | <.domain.com> |
| | sudo mkdir /etc/opendkim/keys/example.com |
| | sudo opendkim-genkey -b 2048 -d example.com -D /etc/opendkim/keys/example.com -s default -v |
| | sudo chown opendkim:opendkim /etc/opendkim/keys/example.com/default.private |
| | sudo chmod 600 /etc/opendkim/keys/example.com/default.private |
| | |
| | It's now time to create the corresponding TXT record for this DKIM key. To do that, display the key with ''sudo cat /etc/opendkim/keys/example.com/default.txt'' and then copy everything between the parentheses into your TXT record with ''default._domainkey'' as the host instead of google._domainkey like the first picture. After the DKIM TXT record caches, test your server's dkim as follows: |
| | |
| | sudo opendkim-testkey -d example.com -s default -vvv |
| | |
| | Note that that output will display "key not secure" unless you configure DNSSEC, which this tutorial has not done. If your server is using postfix smtp, then leverage this DKIM key as follows: |
| | |
| | sudo mkdir /var/spool/postfix/opendkim |
| | sudo chown opendkim:postfix /var/spool/postfix/opendkim |
| | sudo nano /etc/opendkim.conf |
| | <Socket local:/var/spool/postfix/opendkim/opendkim.sock> |
| | sudo nano /etc/default/opendkim |
| | <SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"> |
| | sudo nano /etc/postfix/main.cf |
| | <milter_default_action = accept> |
| | <milter_protocol = 6> |
| | <smtpd_milters = local:opendkim/opendkim.sock> |
| | <non_smtpd_milters = $smtpd_milters> |
| | |
| | It's now a good time to test your email quality with [[https://mail-tester.com|Mail Tester]] to see if you got a 10/10 score. You can do this through postfix and an email client or directly from the server as follows: |
| | |
| | echo "Hi Relay Server, I am testing you" | mail -s "Subject - DKIM Test" oemb1905@jonathanhaack.com |
| | |
| | Just check the headers and see if DKIM: passed is present. |
| | |
| | --- //[[jonathan@haacksnetworking.org|oemb1905]] 2022/12/10 22:45// |
| |
