User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:configure-dkim-spf-dmarc [2025/03/06 07:08] – [DMARC (Domain-based Message Authentication, Reporting & Conformance)] willyemail:configure-dkim-spf-dmarc [2025/06/13 12:43] (current) willy
Line 1: Line 1:
-====== Configure proper mail delivery ======+====== I) Configure proper mail delivery ======
  
 You need access to your domain DNS records, this is mandatory. You need access to your domain DNS records, this is mandatory.
Line 63: Line 63:
 === Socket Setup === === Socket Setup ===
  
-For security reasons you want the DKIM keys not to be readable by Postfix, but you want Postfix capable to access the OpenDKIM socket or it would not be possible to actually sign any outbound email at all. The default Gentoo users setup is not ideal for this, as you either let Postfix access the keys by adding it to the //opendkim// group or let OpenDKIM accesso postfix configuration by addig it to the //postfix// group.+For security reasons you want the DKIM keys not to be readable by Postfix, but you want Postfix capable to access the OpenDKIM socket or it would not be possible to actually sign any outbound email at all. The default Gentoo users setup is not ideal for this, as you either let Postfix access the keys by adding it to the //opendkim// group or let OpenDKIM access postfix configuration by addig it to the //postfix// group.
  
 The solution is to add a new group, called **dkimsocket**, add the user //postfix// to it, then replace opendkim default group with it so that the socket gets created with the proper ownership: The solution is to add a new group, called **dkimsocket**, add the user //postfix// to it, then replace opendkim default group with it so that the socket gets created with the proper ownership:
Line 136: Line 136:
 PidFile /var/run/opendmarc/opendmarc.pid PidFile /var/run/opendmarc/opendmarc.pid
 </file> </file>
 +
 +=== DNS record ===
 +
 +A DMARC DNS record can be pretty simple or pretty complex. [[https://mxtoolbox.com/dmarc/details/what-is-a-dmarc-record|this]] link can help explain it's format.
 +
 +The following is a simple example that you can start from:
 +<code>
 +_dmarc IN TXT ( "v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com; ruf=mailto:postmaster@mydomain.com" )
 +</code>
 +
 +where:
 +  * p: policy, you want reject here most probably
 +  * rua: email address to sent aggregate reports to (optional)
 +  * ruf: email address to sent failure reports to (optional)
  
 === Postfix setup === === Postfix setup ===

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information