official nimbu blog

Setting up a postifx outbound mail server with SPF, DomainKey and DKIM support

Make sure you enable the firewall first:
sudo apt-get install ufw && sudo ufw enable

sudo apt-get install postfix dk-filter dkim-filter
openssl genrsa -out private.key 1024
openssl rsa -in rsa.private -out public.key -pubout -outform PEM
sudo mv private.key /etc/mail/example.key

/etc/postfix/main.cf

# INTERNET HOST AND DOMAIN NAMES
myhostname = mail.example.com

# SENDING MAIL
myorigin = $mydomain

# RECEIVING MAIL
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

# ALIAS DATABASE
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# DKIM and DomainKey filters
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891,inet:localhost:8892
non_smtpd_milters = inet:localhost:8891,inet:localhost:8892

/etc/default/dk-filter

# Sign for example.com with key in /etc/mail/example.key using
# selector 'mail' (e.g. mail._domainkey.example.com)
DAEMON_OPTS="$DAEMON_OPTS -l -i /etc/dkim-hosts.conf -d example.com -s /etc/mail/example.key -S mail"
SOCKET="inet:8892@localhost"

/etc/dkim-filter.conf

Syslog            yes
# Sign for example.com with key in /etc/mail/example.key using
# selector 'mail' (e.g. mail._domainkey.example.com)
Domain            example.com
KeyFile            /etc/mail/example.key
Selector          mail
InternalHosts        /etc/dkim-hosts.conf

/etc/dkim-hosts.conf

127.0.0.1
192.168.0.1

DNS Entries

_domainkey.example.com TXT "o=~\; r=contact@example.com"
mail._domainkey.example.com TXT "k=rsa\; p={public-key-here}"
example.com TXT "v=spf1 ip4:xx.xx.xx.xx -all"

Test

Restart everything (postfix, dk-filter, dkim-filter) and then test using:

mail -s 'testing domain keys' check-auth2@verifier.port25.com

You should get a report back that looks something like:

==========================================================