Postfix

From Leaky
Revision as of 07:33, 16 October 2018 by Leaky (talk | contribs) (Added postfix notes)

DKIM

DKIM notes copied from https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/ (in case they disappear).

Enable EPEL repo

# yum install epel-release

Install OpenDKIM package and generate the default keys

# yum install -y opendkim
# opendkim-default-keygen
Generating default DKIM keys:
Default DKIM keys for freshdaymall.com created in /etc/opendkim/keys.
#

/etc/opendkim/keys/ now contains two files: default.private (the private key, used for signing the emails) and default.txt (the public key, to be published in DNS). The selector created is 'default'.

Edit the following config files:

  • /etc/opendkim.conf
Mode sv
Socket inet:8891@127.0.0.1
Canonicalization relaxed/simple
Domain yourdomain.com
#KeyFile /etc/opendkim/keys/default.private
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
  • /etc/opendkim/KeyTable
default._domainkey.yourdomain.com yourdomain.com:default:/etc/opendkim/keys/default.private
  • /etc/opendkim/SigningTable
*@yourdomain.com default._domainkey.yourdomain.com
  • /etc/opendkim/TrustedHosts
127.0.0.1
host.yourdomain.com
yourdomain.com

Add the following three lines to the end of /etc/postfix/main.cf

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Restart all the services

systemctl start opendkim
systemctl enable opendkim
systemctl restart postfix

Add the contents of /etc/opendkim/keys/default.txt to the DNS for yourdomain.com and make sure that the zone has been reloaded.

Send a test email:

# sendmail -fyou@yourdomain.com -t
To: you@externaldomain.com
From: you@yourdomain.com
Subject: DKIM test with Postfix MTA

Test
.

Check the maillog:

Oct 15 13:07:11 host opendkim[3530]: 34D25401AE: DKIM-Signature field added (s=default, d=yourdomain.com)

Testing it:

Try the site at http://www.appmaildev.com/en/dkim/

Configure Postfix to block outgoing email to all but one domain

This is useful on demo systems where you don't want to be sending most email but still require the ability to send emails to a particular domain or two.

The correct way is to use Transport Mapping. Check /etc/postfix/main.cf for a transport_maps option. If there is one already, make a note of the filename in use and substitute that in the rest of these instructions. If there isn't one, add the following to main.cf

transport_maps = hash:/etc/postfix/transport

CentOS7 Postfix ships with a template transport file - either replace or append:

yourdomain.com :
localhost :
* discard:

This will allow emails to localhost or yourdomain.com but nowhere else. You'll see in /var/log/maillog the process postfix/discard instead of postfix/smtp when dropping emails. Add whatever other domains might be required to the file. If you want a bounce, you can use something like this instead of * discard:

* error:Outgoing mail blocked

Rebuild the transport hash using:

postmap /etc/postfix/transport

After changing the config, restart the postfix service - this is not required if you're just changing the transport map.

service postfix restart
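
A way to check both setups from /var/log/maillog, as an added example that is not part of the original notes: with milter_default_action = accept, Postfix delivers mail unsigned when opendkim is unreachable, and a transport map mistake lets mail leave a demo system, so this correlates queue IDs to find postfix/smtp deliveries that have no "DKIM-Signature field added" line or that went to a domain outside the allow list. The function name audit, the sample log lines and the traditional syslog timestamp layout are assumptions made for the example.

```python
import re

# Constructed sample in the traditional syslog layout of /var/log/maillog (not real traffic).
SAMPLE_LOG = """\
Oct 15 13:07:11 host opendkim[3530]: 34D25401AE: DKIM-Signature field added (s=default, d=yourdomain.com)
Oct 15 13:07:12 host postfix/smtp[3531]: 34D25401AE: to=<you@yourdomain.com>, relay=mx.yourdomain.com[192.0.2.10]:25, dsn=2.0.0, status=sent (250 OK)
Oct 15 13:09:41 host postfix/smtp[3531]: 7B1C2401B0: to=<ops@yourdomain.com>, relay=mx.yourdomain.com[192.0.2.10]:25, dsn=2.0.0, status=sent (250 OK)
Oct 15 13:11:02 host opendkim[3530]: 9F0E3401B2: DKIM-Signature field added (s=default, d=yourdomain.com)
Oct 15 13:11:02 host postfix/discard[3540]: 9F0E3401B2: to=<someone@otherdomain.com>, relay=none, dsn=2.0.0, status=sent (otherdomain.com)
Oct 15 13:14:30 host opendkim[3530]: C44A1401B5: DKIM-Signature field added (s=default, d=yourdomain.com)
Oct 15 13:14:31 host postfix/smtp[3531]: C44A1401B5: to=<you@externaldomain.com>, relay=mx.externaldomain.com[192.0.2.20]:25, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"^(?:\S+\s+){4}(?P<proc>[\w/-]+)\[\d+\]: (?P<qid>[0-9A-Za-z]{6,}): (?P<msg>.*)$")
RCPT = re.compile(r"\bto=<[^>]*@([^>]+)>")  # \b keeps orig_to=<...> from matching


def audit(log_text, allowed_domains):
    """Return (unsigned, leaked, discarded) derived from maillog text.

    unsigned:  queue IDs sent by postfix/smtp with no opendkim signature line
    leaked:    (queue ID, domain) sent by postfix/smtp outside allowed_domains
    discarded: (queue ID, domain) dropped by the postfix/discard transport
    """
    allowed = {d.lower() for d in allowed_domains}
    signed, smtp, discarded = set(), [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proc, qid, msg = m.group("proc", "qid", "msg")
        if proc == "opendkim" and msg.startswith("DKIM-Signature field added"):
            signed.add(qid)
            continue
        rcpt = RCPT.search(msg)
        if rcpt and "status=sent" in msg:
            entry = (qid, rcpt.group(1).lower())
            if proc == "postfix/smtp":
                smtp.append(entry)
            elif proc == "postfix/discard":
                discarded.append(entry)
    # Decide only after the whole log is read, so line order does not matter.
    unsigned = sorted({qid for qid, _ in smtp if qid not in signed})
    leaked = [e for e in smtp if e[1] not in allowed]
    return unsigned, leaked, discarded


if __name__ == "__main__":
    print(audit(SAMPLE_LOG, {"yourdomain.com", "localhost"}))
```

An empty first list means every message that left via postfix/smtp was signed; an empty second list means the transport map held.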