
Add DKIM to mailserver
Closed, Resolved (Public)

Description

We need to add DKIM to increase mail potential respectability.

Instructions at https://help.ubuntu.com/community/Postfix/DKIM look good to me.

Event Timeline

dereckson raised the priority of this task from to Normal.
dereckson updated the task description.
dereckson added a project: Mail.
dereckson moved this task to Backlog - On hold pending T1475 on the Mail board.
dereckson added subscribers: dereckson, Sandlayth.

SPF correctly configured through postfix-policyd-spf-python.

Configuration changes

/etc/postfix/main.cf
…
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        check_policy_service unix:private/policy-spf

…

# SPF
policy-spf_time_limit = 3600

/etc/postfix/master.cf
…
policy-spf  unix  -       n       n       -       -       spawn
     user=nobody argv=/usr/bin/policyd-spf

DKIM selectors will follow the dénomination systématique and so the first DNS entries will be unium._domainkey.domain.tld.

For example, unium._domainkey.nasqueron.org.

DNS configuration

DKIM records
unium._domainkey.nasqueron.org.	86400	IN	TXT	"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqztAxci4hQwKGHmNz5vfJt/jMuOR4Oc21yqH9U0oK6KBya/s57fxBV2LPYA2YLjqXLBESvAEZDqDYqUoi7LkSKJwz+lYiX5+G16NdeJn99ld2NyYTUPvV5gPufPpK3dtOKcJe+cSOyJDxuZALPGwWl9IbxXQTzn4X0g0BxL+xYwIDAQAB"

unium._domainkey.dereckson.be.	86400	IN	TXT	"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbntH7GqNIsJLsiLovuVh/8GcgQh072as5rZxosY2TLHxwXWdYH77C9k9wwgV8haVFEKfL1ng1pWYyNpb+awiVM/jg8Lvpn1dB7Ktx7BIUluGUov43U8Z8tqked5wjD4QYJkn2z2ajKuBxX7GprrNsuG6TMBZ/WStv4G8EfK2SOQIDAQAB"

unium._domainkey.ook.space.	86400	IN	TXT	"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt94UQORL/eaMisKLH8KGZ7JBrigfj4zaMUlJUTtYwZ90nrDiheXDmPVcXavOXHJMEGAFGzVho3q1U0S/K/uaLH9LklMbdsDivzG7gBtQvEMRCR48DEvvlMDGwt9w8RN5TV2Zld7iUTsJc0rK2LGCzVnXBpTXgB9nIY/j3U6Ny6wIDAQAB"

unium._domainkey.wolfplex.be.	86400	IN	TXT	"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx/6wtiSeU1H4UafEoFZsEm3eG9Yt2DmBbHEL0JOgwieQ1+/7H3K6VwXdEXsvFe3954TwlvBO/48KUdpB0fugbC6dbsEZqumk1GAq2jE6GrM6XMmfkQ0rPj1dhkURtuqQ0UDUMVLcf5QVy+XxjccOE2N9mp0G6YP5LhAM1EgHqYwIDAQAB"

DKIM works according to a port25 check.

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: leif@ook.space)
ID(s) verified: header.d=ook.space
Canonicalized Headers:
    To:'20'check-auth@verifier.port25.com'0D''0A'
    Subject:'20'Test'20'13:25'0D''0A'
    Date:'20'Sat,'20'14'20'Jan'20'2017'20'13:25:33'20'+0100'0D''0A'
    From:'20'leif@ook.space'0D''0A'
    DKIM-Signature:'20'v=1;'20'a=rsa-sha256;'20'c=simple/simple;'20'd=ook.space;'20's=unium;'0D''0A'
    '09't=1484396733;'20'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;'0D''0A'
    '09'h=To:Subject:Date:From:From;'0D''0A'
    '09'b=

Canonicalized Body:
    '0D''0A'
    

DNS record(s):
    unium._domainkey.ook.space. 86400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt94UQORL/eaMisKLH8KGZ7JBrigfj4zaMUlJUTtYwZ90nrDiheXDmPVcXavOXHJMEGAFGzVho3q1U0S/K/uaLH9LklMbdsDivzG7gBtQvEMRCR48DEvvlMDGwt9w8RN5TV2Zld7iUTsJc0rK2LGCzVnXBpTXgB9nIY/j3U6Ny6wIDAQAB"

Public key used for verification: unium._domainkey.ook.space (1024 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

Tested also for nasqueron.org and wolfplex.be.
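
The port25 report above notes a 1024-bit public key for the `unium` selector. As an added example (not part of the original task or of the Nasqueron configuration), the following Python parses a DKIM TXT record, decodes the `p=` value and reads the RSA modulus length from the DER structure, so each published selector can be checked offline. The function names and the 2048-bit default threshold are assumptions of this example; the threshold follows the RFC 8301 recommendation for signers.

```python
import base64

# Record copied from the ook.space entry on this page (selector "unium").
RECORD = ("v=DKIM1; k=rsa; p="
          "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt94UQORL/eaMisKLH8KGZ"
          "7JBrigfj4zaMUlJUTtYwZ90nrDiheXDmPVcXavOXHJMEGAFGzVho3q1U0S/K"
          "/uaLH9LklMbdsDivzG7gBtQvEMRCR48DEvvlMDGwt9w8RN5TV2Zld7iUTsJc"
          "0rK2LGCzVnXBpTXgB9nIY/j3U6Ny6wIDAQAB")

def parse_tags(txt):
    """Split a DKIM key record (tag=value list) into a dict."""
    tags = {}
    # Long TXT records arrive as several quoted strings; drop the quotes.
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # strip folding whitespace
    return tags

def read_tlv(buf, pos=0):
    """Read one DER element; return (tag, content, offset of next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Bit length of the modulus in a DER SubjectPublicKeyInfo (RSA)."""
    _, seq, _ = read_tlv(spki)            # outer SEQUENCE
    _, _, nxt = read_tlv(seq)             # AlgorithmIdentifier, skipped
    tag, bitstr, _ = read_tlv(seq, nxt)   # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or not bitstr or bitstr[0] != 0:
        raise ValueError("unexpected SubjectPublicKeyInfo layout")
    _, rsa, _ = read_tlv(bitstr[1:])      # RSAPublicKey SEQUENCE
    tag, modulus, _ = read_tlv(rsa)       # first INTEGER is the modulus n
    if tag != 0x02:
        raise ValueError("modulus INTEGER not found")
    return int.from_bytes(modulus, "big").bit_length()

def audit(txt, minimum=2048):
    """Return (modulus bits, verdict) for one DKIM TXT record."""
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa":
        return 0, "not-rsa"
    if not tags.get("p"):
        return 0, "revoked"               # an empty p= marks a revoked key
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return bits, "ok" if bits >= minimum else "weak"
```

A "weak" verdict is a prompt to publish a longer key under a new selector and retire the old one once signed mail in transit has been delivered.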