Configure proper mail delivery
You need access to your domain's DNS records. This is mandatory.
SPF (Sender Policy Framework)
SPF works both outbound and inbound
SPF Outbound
This is the most difficult, but critical step. You need to add to your DNS a TXT record shaped like this:
mydomain.com. IN TXT "v=spf1 +a +mx +ptr -all"
This record specifies who is allowed to send email for the mydomain.com domain and who is not. Anything prefixed with a + is allowed, while anything prefixed with a - is not allowed.
For the above example:
- v=spf1: the type (SPF) and version (1) of the record
- a: refers to mydomain.com
- mx: refers to the mx record of the domain
- ptr: refers to the mydomain.com reverse hostname
- -all: everybody else. Always, always, always put -all as the last part of the record.
In short, the above record allows only our mx record and main domain to send email for mydomain.com, while everybody else is not allowed. Email providers that follow the SPF standard will therefore reject any email with a mydomain.com sender that does not come from mydomain.com or mail.mydomain.com (I am assuming mail is your mx record).
This will be enough to protect your outgoing email from being flagged as spam.
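The following linter is an added example, not part of the original page or of any tool it names: it parses an SPF record into result/mechanism pairs and checks the rules described above (a missing qualifier means +, and -all must be the final term). The function names and sample records are constructed for illustration, and the ptr warning reflects RFC 7208 section 5.5, which the page does not mention.

```python
import re

# Qualifier prefixes defined by SPF; a term with no prefix defaults to "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TERM = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9]*)(?:([:/=])(.*))?$")

def parse_spf(record):
    """Return [(result, mechanism, argument)] for an SPF TXT record string."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        m = TERM.match(term)
        if m is None:
            raise ValueError("malformed term: " + term)
        qualifier, name, delim, arg = m.groups()
        if delim == "=":  # modifier such as redirect=, not a mechanism
            continue
        value = ("/" if delim == "/" else "") + (arg or "")
        parsed.append((QUALIFIERS[qualifier or "+"], name.lower(), value))
    return parsed

def lint_spf(record):
    """Return a list of warnings for the rules described on this page."""
    mechs = parse_spf(record)
    names = [name for _, name, _ in mechs]
    warnings = []
    if "all" not in names:
        warnings.append("no 'all' term: unlisted senders get a neutral result")
    else:
        pos = names.index("all")
        if mechs[pos][0] != "fail":
            warnings.append("'all' is %s, not -all" % mechs[pos][0])
        if pos != len(mechs) - 1:
            warnings.append("terms after 'all' are never evaluated")
    if "ptr" in names:
        # RFC 7208 section 5.5 discourages publishing the ptr mechanism.
        warnings.append("'ptr' is discouraged by RFC 7208")
    return warnings

# Constructed sample records; the first is the record shown on this page.
PAGE_RECORD = '"v=spf1 +a +mx +ptr -all"'
WEAK_RECORD = '"v=spf1 a mx ~all ip4:192.0.2.10"'

if __name__ == "__main__":
    for rec in (PAGE_RECORD, WEAK_RECORD):
        print(rec, "->", lint_spf(rec) or "ok")
```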
SPF Inbound
You have already installed Engine-SPF, a very nice Python script that acts as a mail filter. When added to the Postfix chain, it automatically performs the SPF check on incoming email for you and flags the message as spam if it breaks the SPF rules.
There is nothing to configure! If you followed this page, it's already set up.
DKIM (DomainKeys Identified Mail)
Run the following command to configure DKIM the first time:
emerge --ask --config opendkim
This command will ask you for the selector: input your domain name (mydomain.com).
Note the output:
emerge --ask --config opendkim
Ready to configure mail-filter/opendkim-2.10.3-r32? [Yes/No] yes
Enter the selector name (default external.mydomain.com): mydomain.com
 * Make sure you have the following settings in your /etc/opendkim/opendkim.conf:
 * Keyfile /var/lib/opendkim/mydomain.com.private
 * Selector mydomain.com
 * If you are using Postfix, add following lines to your main.cf:
 * smtpd_milters = unix:/run/opendkim/opendkim.sock
 * non_smtpd_milters = unix:/run/opendkim/opendkim.sock
 * and read http://www.postfix.org/MILTER_README.html
 * After you configured your MTA, publish your key by adding this TXT record to your domain:
mydomain.com._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=<mykey>" ) ; ----- DKIM key mydomain.com for (your domain)
 * t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:
 * https://www.rfc-editor.org/rfc/rfc6376.html#section-3.6.1
Now, set up the DNS record as specified by the output of the command.