DKIM

Howto: Setup postfix bulk email server with sasl authentication


As per the project requirement, I need to provide a bulk email server and have to provide valid records to avoid spamming: DNS records such as reverse lookup, a DKIM record and an SPF record, plus authentication.

I used the following applications to set up the server:
1, Postfix – MTA
2, OpenDKIM – Key identifier
3, Dovecot – SASL authentication
4, Reverse lookup – set up by the data center where the server is located

Install the necessary packages from the repository

yum install dovecot opendkim postfix openssl -y

1, Postfix Configuration

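Verify that the following settings are enabled in the configuration file /etc/postfix/main.cf

# The greeting must begin with $myhostname
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
myhostname = smtp01.planetcure.in
mydomain = planetcure.in
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost.localdomain, , localhost
# Trust only loopback; 0.0.0.0/0 here would let any host relay without authenticating
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
# SMTP AUTH through the Dovecot socket configured in section 3
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination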

2, Configure opendkim
Verify that the following settings are enabled in the configuration file /etc/opendkim.conf

TemporaryDirectory /var/tmp
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/relaxed
Domain cloud.planetcure.in
Selector cloud
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/planetcure.in/cloud.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
SignatureAlgorithm rsa-sha256

Now append the DKIM configuration to the existing Postfix settings in /etc/postfix/main.cf

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

Generating DKIM keys

1, Create the user that runs the daemon

useradd -r -g opendkim -G mail -s /sbin/nologin -d /var/run/opendkim -c "OpenDKIM" opendkim

2, Create the key store directory and set privileges

mkdir -p /etc/opendkim/keys/planetcure.in/
chown -Rv opendkim:opendkim /etc/opendkim
# Capital X keeps directories traversable while files stay read/write for the owner only
chmod u=rwX,go-rwx /etc/opendkim/*
chmod -R u=rwX,go-rwx /etc/opendkim/keys/*

3, Generate DKIM Keys

opendkim-genkey -D /etc/opendkim/keys/planetcure.in/ -d planetcure.in -s cloud

I generated the keys inside the specified directory; cloud.txt contains the key which needs to be updated in the DNS

-rw-------. 1 opendkim opendkim 887 Aug 30 09:19 cloud.private
-rw-------. 1 opendkim opendkim 315 Aug 30 09:19 cloud.txt
cat cloud.txt
cloud._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA5K5BLNxFZIN43LWjmq7X2h3RW2md6o+Wn6F8lnMvWx/SUZ6FWf9kwkid/JRbEI0PBjgFo6/f6N0+c3j/7WAEH6R81S+X9fo+58eX1RafyNIAofU0PQKQcUKRBWgfNYA5En7DUoVWZpy2ZhbHutTI96U3A4HjDVksm45VWyoTIwIDAQAB" ) ; ----- DKIM key cloud for planetcure.in
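The record in cloud.txt is what receiving servers fetch, so it is worth checking before it goes into DNS. Added example, not part of the original post: it joins the two quoted strings, splits the DKIM tags and reads the RSA modulus size out of the p= value. The function names are this example's own, and the DER reader covers only the RSA SubjectPublicKeyInfo layout seen in this record.

```python
import base64
import re

# cloud.txt as printed above (zone-file form: the value is split over two strings)
CLOUD_TXT = (
    'cloud._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n'
    '"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA5K5BLNxFZIN43LWjmq7X2h3RW2md6o'
    '+Wn6F8lnMvWx/SUZ6FWf9kwkid/JRbEI0PBjgFo6/f6N0+c3j/7WAEH6R81S+X9fo+58eX'
    '1RafyNIAofU0PQKQcUKRBWgfNYA5En7DUoVWZpy2ZhbHutTI96U3A4HjDVksm45VWyoTIwIDAQAB"'
    ' ) ; ----- DKIM key cloud for planetcure.in\n'
)

def parse_dkim_txt(zone_text):
    """Join the quoted strings of the TXT record and split them into DKIM tags."""
    value = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(p_b64):
    """Modulus size in bits of the RSA SubjectPublicKeyInfo carried in p=."""
    _, spki, _ = _tlv(base64.b64decode(p_b64), 0)  # outer SEQUENCE
    _, _, after_alg = _tlv(spki, 0)                # AlgorithmIdentifier, skipped
    tag_bs, bitstr, _ = _tlv(spki, after_alg)      # BIT STRING holding RSAPublicKey
    _, rsa_key, _ = _tlv(bitstr, 1)                # skip the unused-bits octet
    tag_int, modulus, _ = _tlv(rsa_key, 0)         # first INTEGER is the modulus
    if (tag_bs, tag_int) != (0x03, 0x02):
        raise ValueError("p= is not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(modulus, "big").bit_length()

def audit(zone_text, recommended_bits=2048):
    tags = parse_dkim_txt(zone_text)
    findings = []
    if tags.get("v") != "DKIM1":
        findings.append("v= tag is missing or not DKIM1")
    bits = rsa_key_bits(tags["p"])
    if bits < recommended_bits:
        findings.append(f"RSA key is {bits} bits, below the {recommended_bits} that RFC 8301 recommends")
    return bits, findings
```

For the key generated above it reports 1024 bits; opendkim-genkey takes -b 2048 to generate a larger one.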

4, Update the SigningTable, TrustedHosts and KeyTable for the domain planetcure.in

Keys: /etc/opendkim/keys/planetcure.in/

KeyTable: /etc/opendkim/KeyTable

cloud._domainkey.planetcure.in planetcure.in:cloud:/etc/opendkim/keys/planetcure.in/cloud.private

SigningTable: /etc/opendkim/SigningTable

planetcure.in cloud._domainkey.planetcure.in
*@planetcure.in cloud._domainkey.planetcure.in

TrustedHosts: /etc/opendkim/TrustedHosts

127.0.0.1
planetcure.in
smtp01.planetcure.in
172.31.32.0/20

That's all for OpenDKIM; now verify the keys using the command below

opendkim-testkey -vvv -d planetcure.in -k /etc/opendkim/keys/planetcure.in/cloud.private -s cloud

3, Configure Dovecot

Append the given entries to the existing service auth section in the file /etc/dovecot/conf.d/10-master.conf

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

If all the steps are done, it is time to restart the services

#service dovecot restart
#service opendkim restart
#service postfix restart

Add a new user for the authentication

#useradd -M SMTPAUTH
#passwd SMTPAUTH

Verify the installation

echo $(date) | mailx -v -s "test_subject_1" -S smtp=smtp://smtp01.planetcure.in:25 -S smtp-auth-user=SMTPAUTH -S smtp-auth-password="yzBuffrtkqezfkwO6amcuhh6" -S smtp-auth=login -S from="no-reply@planetcure.in(Intra Domain)" anandbabu.tn@gmail.com
tail -f /var/log/maillog
Jan 9 14:33:40 mta-smtp01 postfix/smtpd[4126]: F246861F2A: client=ip-172-31-9-166.us-west-1.compute.internal[172.31.9.166], sasl_method=LOGIN, sasl_username=SMTPAUTH
Jan 9 14:33:41 mta-smtp01 postfix/cleanup[4062]: F246861F2A: message-id=<54afe6c4.4kZNDOCtBpe5ROvd%no-reply@planetcure.in>
Jan 9 14:33:41 mta-smtp01 opendkim[32439]: F246861F2A: DKIM-Signature field added (s=cloud, d=planetcure.in)
Jan 9 14:33:41 mta-smtp01 postfix/qmgr[1119]: F246861F2A: from=<no-reply@planetcure.in>, size=631, nrcpt=1 (queue active)
Jan 9 14:33:41 mta-smtp01 postfix/smtp[4063]: F246861F2A: to=<anandbabu.tn@gmail.com>, relay=mx3.hotmail.com[65.55.33.119]:25, delay=0.6, delays=0.09/0/0.08/0.43, dsn=2.0.0, status=sent (250 <54afe6c4.4kZNDOCtBpe5ROvd%no-reply@planetcure.in> Queued mail for delivery)
Jan 9 14:33:41 mta-smtp01 postfix/qmgr[1119]: F246861F2A: removed
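The log above carries the three facts worth checking for every outbound message: the SASL user, the DKIM signature and the delivery status, all tied together by the queue ID. Added example, not part of the original post: it correlates maillog lines by queue ID and flags delivered messages that were accepted over SMTP without a SASL login or left unsigned. Queue 0A1B2C3D4E and its addresses are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Queue F246861F2A is copied from the log above; queue 0A1B2C3D4E is constructed
# to show a message that was relayed without SASL login and without a signature.
SAMPLE_LOG = """\
Jan 9 14:33:40 mta-smtp01 postfix/smtpd[4126]: F246861F2A: client=ip-172-31-9-166.us-west-1.compute.internal[172.31.9.166], sasl_method=LOGIN, sasl_username=SMTPAUTH
Jan 9 14:33:41 mta-smtp01 opendkim[32439]: F246861F2A: DKIM-Signature field added (s=cloud, d=planetcure.in)
Jan 9 14:33:41 mta-smtp01 postfix/smtp[4063]: F246861F2A: to=<anandbabu.tn@gmail.com>, relay=mx3.hotmail.com[65.55.33.119]:25, delay=0.6, delays=0.09/0/0.08/0.43, dsn=2.0.0, status=sent (250 <54afe6c4.4kZNDOCtBpe5ROvd%no-reply@planetcure.in> Queued mail for delivery)
Jan 9 14:40:02 mta-smtp01 postfix/smtpd[4130]: 0A1B2C3D4E: client=unknown[203.0.113.7]
Jan 9 14:40:03 mta-smtp01 postfix/smtp[4131]: 0A1B2C3D4E: to=<user@example.org>, relay=mx.example.org[198.51.100.9]:25, delay=0.4, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"(?P<prog>postfix/\w+|opendkim)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

def correlate(log_text):
    """Group maillog lines by queue ID into one record per message."""
    msgs = defaultdict(lambda: {"client": None, "sasl_user": None, "dkim": False, "sent": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        if m["prog"] == "postfix/smtpd" and rest.startswith("client="):
            rec["client"] = rest.split(",")[0][len("client="):]
            user = re.search(r"sasl_username=(\S+)", rest)
            rec["sasl_user"] = user.group(1) if user else None
        elif m["prog"] == "opendkim" and "DKIM-Signature field added" in rest:
            rec["dkim"] = True
        elif m["prog"] == "postfix/smtp" and "status=sent" in rest:
            rec["sent"] = True
    return dict(msgs)

def findings(msgs):
    """List delivered messages that skipped authentication or signing."""
    out = []
    for qid, rec in sorted(msgs.items()):
        if rec["sent"] and rec["client"] and rec["sasl_user"] is None:
            out.append((qid, "relayed without SASL login from " + rec["client"]))
        if rec["sent"] and not rec["dkim"]:
            out.append((qid, "sent without a DKIM signature"))
    return out
```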

4, Reverse DNS

Don’t forget to request reverse DNS for the server IP, it should resolve like this.
444.333.222.11.in-addr.arpa domain name pointer smtp01.planetcure.in
