More and more large companies are implementing more restrictive email policies, mainly DMARC, to fight increasing spam. Such companies include Yahoo, Cox, Verizon, and others.
As this happens, some of your legitimate email may be rejected because email servers are more restrictive.
In order to minimize the probability of your email being rejected, the following describes how to implement Sender Policy Framework (SPF) and DKIM on your already running Postfix mail server.
Prerequisites
Before you start, there are a few assumptions:
1. You have your own domain and run your own mail server.
2. Your server is running on Linux, preferably Ubuntu or Debian.
3. You are using Postfix for your email server.
Configuring SPF with your correct DNS PTR record
Step 1: Find out your PTR Record
First you need to find out what the DNS PTR name for your server is. This is important because some mail servers check whether the PTR returned for your server matches what is in the SPF record. If they do not match, the mail will be rejected.
More info is available under: reverse DNS lookup.
The easiest way is to use the PTR record provided by your host. For example, if you are using Linode, the name will be something like liXXX-YYY.members.linode.com, where XXX and YYY are numbers.
Step 2: Generate an SPF record
The easiest way to generate an SPF record is to use the SPF Wizard, then add the PTR name to the result by appending:
include:liXXX-YYY.members.linode.com
Step 3: Configure SPF in a TXT record
In your DNS, create a new TXT record as follows, with no host name.
v=spf1 mx a include:_spf.google.com include:liXXX-YYY.members.linode.com ~all
Configuring OpenDKIM with Postfix
The configuration below assumes that you have the Postfix mail server already configured and working.
Step 1: Install the opendkim package
aptitude install opendkim
Step 2: Configure Postfix for opendkim
Edit /etc/postfix/main.cf, and change the following:
myhostname = liXXX-YYY.members.linode.com
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Step 3: Edit the file /etc/mailname
Edit the /etc/mailname file, and put in it the canonical host name, which is the same as the PTR name above: liXXX-YYY.members.linode.com
Step 4: Generate a DKIM key
opendkim-genkey -t -s mail
Step 5: Copy it where opendkim will find it
cp mail.private /etc/opendkim/mail.private
Step 6: Add DKIM to your DNS
First, show the contents of the public DKIM key, so that you can add it to your domain's TXT field:
cat mail.txt
Then in your DNS, add another TXT record with name "mail._domainkey" as follows:
v=DKIM1; k=rsa; t=y; p=...;
Replace the "..." above with your real public DKIM key.
Restart the services on your host
Finally, restart opendkim and Postfix, and then test your email, and review your logs.
service opendkim restart
service postfix restart
You should see less email being rejected now.
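To sanity-check the two TXT record values from the steps above once they are published, the following added example (not part of the original article) lints the record text as returned by a DNS query such as dig +short TXT. The function names are hypothetical, and the checks go somewhat beyond the article: the v=spf1 prefix, the 10-lookup limit from RFC 7208, the final all mechanism, a base64 p= value, and the t=y test flag that opendkim-genkey -t sets.

```python
import re

# Terms that each trigger a DNS query; RFC 7208 caps these at 10 per SPF check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt):
    """Return a list of problems in an SPF TXT record value."""
    terms = txt.replace('"', "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    problems = []
    names = [re.split(r"[:=/]", t.lstrip("+-~?"), maxsplit=1)[0].lower() for t in terms[1:]]
    lookups = sum(n in LOOKUP_TERMS for n in names)
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, limit is 10")
    alls = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not alls and "redirect" not in names:
        problems.append("no 'all' mechanism, unmatched senders get a neutral result")
    elif alls and alls[0][0] not in "-~?":
        problems.append("'+all' authorises every sender")
    return problems

def parse_dkim(txt):
    """Split a DKIM key record (RFC 6376 tag=value list) into a dict."""
    tags = {}
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def lint_dkim(txt):
    """Return a list of problems in a DKIM key TXT record value."""
    tags, problems = parse_dkim(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if not tags.get("p"):
        problems.append("p= missing or empty (an empty p= means the key is revoked)")
    elif not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", tags["p"]):
        problems.append("p= is not base64, was the placeholder replaced?")
    if "y" in tags.get("t", "").split(":"):
        problems.append("t=y test flag still set (from opendkim-genkey -t)")
    return problems

if __name__ == "__main__":
    # Record values as on the page; the base64 key below is constructed, not a real key.
    print(lint_spf("v=spf1 mx a include:_spf.google.com include:liXXX-YYY.members.linode.com ~all"))
    print(lint_dkim("v=DKIM1; k=rsa; t=y; p=...;"))
    print(lint_dkim('"v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7"'))
```

An empty list means none of these checks fired; it does not prove that receiving servers will accept the mail.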