Leaky: Added postfix notes

2018-10-16T07:33:38Z

Added postfix notes

New page

== DKIM ==

DKIM notes copied from https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/ (in case they disappear).

Enable EPEL repo

# yum install epel-release

Install OpenDKIM package and generate the default keys

# yum install -y opendkim
# opendkim-default-keygen
Generating default DKIM keys:
Default DKIM keys for freshdaymall.com created in /etc/opendkim/keys.
#

In /etc/opendkim/keys/ are two files - default.private (used for signing the emails) and default.txt (public key to be published in DNS). A selector 'default' is created.

Edit the following config files:

* /etc/opendkim.conf

Mode sv
Socket inet:8891@127.0.0.1
Canonicalization relaxed/simple
Domain ''yourdomain.com''
#KeyFile /etc/opendkim/keys/default.private
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

* /etc/opendkim/KeyTable

default._domainkey.''yourdomain.com'' ''yourdomain.com'':default:/etc/opendkim/keys/default.private

* /etc/opendkim/SigningTable

*@''yourdomain.com'' default._domainkey.''yourdomain.com''

* /etc/opendkim/TrustedHosts

127.0.0.1
''host.yourdomain.com''
''yourdomain.com''

Add the following three lines to the end of /etc/postfix/main.cf

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Restart all the services

systemctl start opendkim
systemctl enable opendkim
systemctl restart postfix

Add the contents of /etc/opendkim/keys/default.txt to the DNS for ''yourdomain.com'' and make sure that the zone has been reloaded.

Send a test email:

# sendmail -fyou@yourdomain.com -t
To: you@externaldomain.com
From: you@yourdomain.com
Subject: DKIM test with Postfix MTA

Test
.

Check the maillog:

Oct 15 13:07:11 host opendkim[3530]: 34D25401AE: DKIM-Signature field added (s=default, d=yourdomain.com)

Testing it:

Try the site at http://www.appmaildev.com/en/dkim/

== Configure Postfix to block outgoing email to all but one domain ==

This is useful on demo systems where you don't want to be sending most email but still require the ability to send emails to a particular domain or two.

The correct way is to use Transport Mapping. Check <code>/etc/postfix/main.cf</code> for a transport_maps option. If there is one already, make a note of the filename in use and substitute that in the rest of these instructions. If there isn't one, add the following to main.cf

transport_maps = hash:/etc/postfix/transport

CentOS7 Postfix ships with a template transport file - either replace or append:

yourdomain.com :
localhost :
* discard:

This will allow emails to localhost or yourdomain.com but nowhere else. You'll see in /var/log/maillog the process postfix/discard instead of postfix/smtp when dropping emails. Add whatever other domains might be required to the file. If you want a bounce, you can use something like this instead of <code>* discard:</code>

* error:Outgoing mail blocked

Rebuild the transport hash using:

postmap /etc/postfix/transport

After changing the config, restart the postfix service - this is not required if you're just changing the transport map.

service postfix restart

Postfix - Revision history

Leaky: Added postfix notes