Differences

This shows you the differences between two versions of the page.

email:configure-dkim-spf-dmarc [2025/03/06 06:51] willyemail:configure-dkim-spf-dmarc [2025/03/13 14:05] (current) – [Configure proper mail delivery] willy
Line 1: Line 1:
-====== Configure proper mail delivery ======+====== I) Configure proper mail delivery ======
  
 You need access to your domain DNS records, this is mandatory. You need access to your domain DNS records, this is mandatory.
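Review bot: the renamed heading "I) Configure proper mail delivery" changes the section anchor DokuWiki derives from the heading text, so links that target the old section anchor will stop resolving. Check inbound links before merging, and if the "I)" starts a numbered series, number the remaining top-level headings the same way in this revision.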
Line 76: Line 76:
 Let's wrap it all up with the following **/etc/opendkim/opendkim.conf** file: Let's wrap it all up with the following **/etc/opendkim/opendkim.conf** file:
 <file - opendkim.conf> <file - opendkim.conf>
 +Syslog                  yes 
 +SyslogSuccess           yes 
 +Canonicalization        relaxed/relaxed 
 +SendReports             yes 
 +PidFile /run/opendkim/opendkim.pid 
 +Socket local:/var/run/opendkim/opendkim.sock 
 +UMask 0117 
 +UserID opendkim:dkimsocket 
 +AutoRestart             Yes 
 +AutoRestartRate         10/1h 
 +Mode                    sv 
 +# Use the following lines for a single domain/selector 
 +Domain                  gardiol.org 
 +Selector                gardiol.org 
 +KeyFile                 /etc/opendkim/gardiol.org.private 
 +# Use the following lines for multiple domain/selectors, they use tables instead: 
 +#KeyTable           /etc/opendkim/key_table 
 +#SigningTable       /etc/opendkim/signing_table 
 +#ExternalIgnoreList /etc/opendkim/trusted_hosts 
 +#InternalHosts      /etc/opendkim/trusted_hosts
 </file> </file>
  
 +If you want to use multiple domains and selectors, you need to create the table files and put the multiple references there. Check the official OpenDKIM documentation linked above.
  
 === Start & Autostart OpenDKIM === === Start & Autostart OpenDKIM ===
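Review bot: in the commented block at the end of opendkim.conf, ExternalIgnoreList and InternalHosts are filed under "Use the following lines for multiple domain/selectors", but they control which client hosts are trusted and signed for, independent of how many domains are signed. When InternalHosts is not set, the default internal host list is just 127.0.0.1, so a single-domain setup that accepts mail from other internal hosts needs it as well; give those two lines their own comment. Two smaller points in the same file: PidFile uses /run/opendkim while Socket uses /var/run/opendkim, so pick one form; and UMask 0117 with UserID opendkim:dkimsocket leaves the socket usable by owner and group only, so state next to it that the Postfix user has to be a member of the dkimsocket group.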
Line 95: Line 115:
  
  
 +
 +===== DMARC (Domain-based Message Authentication, Reporting & Conformance) =====
 +
 +OpenDMARC sample configutation can be found [[https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.conf.sample|here]].
 +
 +This is pretty easy to setup, just edit the **/etc/opendmarc/opendmarc.conf** file similar to the following:
 +<file - opendmarc.conf>
 +AuthservID mydomain.com
 +FailureReports true
 +RejectFailures false
 +SPFSelfValidate yes
 +Socket local:/var/run/opendmarc/opendmarc.sock
 +SoftwareHeader true
 +Syslog true
 +SyslogFacility mail
 +TrustedAuthservIDs mail.mydomain.com
 +HistoryFile /var/run/opendmarc/opendmarc.dat
 +UMask 0002
 +UserID opendmarc
 +PidFile /var/run/opendmarc/opendmarc.pid
 +</file>
 +
 +=== DNS record ===
 +
 +A DMARC DNS record can be pretty simple or pretty complex. [[https://mxtoolbox.com/dmarc/details/what-is-a-dmarc-record|this]] link can help explain it's format.
 +
 +The following is a simple example that you can start from:
 +<code>
 +_dmarc IN TXT ( "v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com; ruf=mailto:postmaster@mydomain.com" )
 +</code>
 +
 +where:
 +  * p: policy, you want reject here most probably
 +  * rua: email address to sent aggregate reports to (optional)
 +  * ruf: email address to sent failure reports to (optional)
 +
 +=== Postfix setup ===
 +
 +OpenDMARC acts as a //milter//, which means a mail filter, for Postfix. The postfix configuration described [[email:configure-postfix|here]] already include the required lines under the OpenDMARC setup comment.
 +
 +=== Start & Autostart OpenDMARC ===
 +
 +<code bash>
 +rc-update add opendmarc default
 +/etc/init.d/opendmarc start
 +</code>
  
  
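Review bot: the DNS example publishes p=reject as the record "you can start from", while the opendmarc.conf sample above it sets RejectFailures false, and the text does not say how the two relate. They are separate switches: the published policy tells other receivers what to do with mail claiming your domain, and RejectFailures controls what this server does with inbound mail that fails DMARC. Say so, and suggest starting at p=none with rua reports until SPF and DKIM alignment is confirmed, then tightening to reject. The sample also sets AuthservID mydomain.com but TrustedAuthservIDs mail.mydomain.com; a sentence on which value has to match the authserv-id written by the SPF/DKIM filters would help readers adapting it. Typos in the added text: "configutation", "it's format", "to sent".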
