Tutorial No. 2ba
Get 10/10 with Mail-tester
- Add SPF (add a line to the DNS zone)
- Add DMARC (add a line to the DNS zone)
- Add DKIM (configure main.cf and opendkim.conf)
You need to have Postfix installed; otherwise, install it:
https://websiteforstudents.com/install-postfix-mta-on-ubuntu-16-04-17-10-18-04/
If you have OVH release3, you do not need to install DKIM.
You only need to start it:
/etc/init.d/opendkim start
Add DKIM on other releases
apt-get install opendkim opendkim-tools (if you need to install)
mkdir /var/spool/postfix/opendkim
chown opendkim: /var/spool/postfix/opendkim
usermod -aG opendkim postfix
nano /etc/postfix/main.cf
# only for ubuntu
#
# OpenDKIM
#
milter_protocol = 6
milter_default_action = accept
smtpd_milters = unix:/opendkim/opendkim.sock
non_smtpd_milters = unix:/opendkim/opendkim.sock
# only for ovh release3 [it is by default]
#
# OpenDKIM
#
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept
mkdir -p /etc/opendkim/keys
nano /etc/opendkim/KeyTable
Replace domain.tld with your domain
mail._domainkey.domain.tld domain.tld:mail:/etc/opendkim/keys/domain.tld/mail.private
nano /etc/opendkim/SigningTable
*@domain.tld mail._domainkey.domain.tld
cd /etc/opendkim/keys
mkdir domain.tld && cd domain.tld
You can replace 2048 with 1024 if your registrar refuses it
opendkim-genkey -s mail -d domain.tld -b 2048
chown opendkim:opendkim mail.private
cat mail.txt
This gives you the TXT record with the DKIM key to add to your DNS zone.
If you use bind:
nano /var/named/domain.tld.hosts
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=YOUR PUBLIC KEY"
If your DNS zone is hosted at OVH, you need to add the record in the OVH panel, for example.
For OVH:
https://www.ovh.com/manager/web/
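The mail.txt written by opendkim-genkey splits the record into several quoted chunks, while a DNS panel expects a single value, and pasting only part of it leaves a truncated key. The following is an added example, not part of the original tutorial: it joins the chunks and checks a published TXT value against mail.txt. The function names and the sample key are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial); function names are hypothetical.

# Join the quoted chunks of an opendkim-genkey mail.txt into one TXT value.
# Text outside the quotes (record name, parentheses, trailing comment) is dropped.
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# Extract the base64 public key (p= tag) from a TXT value given as $1.
# Quotes and whitespace are removed first, so chunked dig output also works.
dkim_pubkey() {
    printf ';%s' "$1" | tr -d '" \t\n' | sed -n 's/.*;p=\([^;]*\).*/\1/p'
}

# Succeed only if the key in mail.txt ($1) equals the key in the published
# TXT value ($2), e.g. the output of: dig +short TXT mail._domainkey.domain.tld
dkim_matches() {
    want=$(dkim_pubkey "$(dkim_txt_value "$1")")
    got=$(dkim_pubkey "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample in the layout opendkim-genkey writes; the key is a dummy.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructed"
      "SecondChunkOfTheDummyKeyIDAQAB" )  ; ----- DKIM key mail for domain.tld
EOF

# Print the single-line value to paste into the DNS panel.
dkim_txt_value "$sample"; echo
```

On a real server, pass /etc/opendkim/keys/domain.tld/mail.txt as the first argument and the dig output as the second.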
nano /etc/opendkim.conf
Socket local:/var/spool/postfix/opendkim/opendkim.sock
OversignHeaders From
TemporaryDirectory /var/tmp
# for ubuntu only
Umask 000
# for ovh release3 only
#UMask 022
UserID opendkim:opendkim
Restart postfix/opendkim
/etc/init.d/postfix restart
/etc/init.d/opendkim restart
- Avoid certain words in your email (free, buy ...)
- Send the email as text / html
- Add a Reply-To to the email
- Add a List-Unsubscribe to the email
- Add a hostname
nano /etc/hostname
vps.xxx.ovh.net
domain.com
nano /etc/hosts
127.0.0.1 localhost
ip_server vpsxxxxxx.ovh.net vpsxxxxxx
ip_server domain1.com user_domain1
ip_server domain2.com user_domain2
nano /etc/postfix/main.cf
myhostname = domain.com
#myhostname = vpsxxxxxx.ovh.net
- Add a reverse DNS record
- If Google shows a red lock, you need to add TLS to your configuration file
nano /etc/postfix/main.cf
#
# TLS
smtp_tls_security_level = may
smtp_tls_loglevel = 1
- You must not be blacklisted; otherwise, submit a request to be removed from the blacklist
You can check with the HTML source in Google, using the "Show original" option
Related links:
https://www.malekal.com/postfix-spf-dkim/
https://mondedie.fr/d/5750-Tuto-Installer-un-serveur-de-mail-avec-Postfix-Dovecot-et-Rainloop