Skip to main content

Postfix mail server

The Postfix Home Page is http://www.postfix.org/ and Wietse Zweitze Venema is the creator.

practicehabits.net is on Google's G Suite and everything has been great so far. My task is setting up a separate SMTP server for sending marketing emails ONLY.

Install and configure postfix, opendkim, and opendmarc on an existing Arch Linux VM running on CloudCone.

  • Install Postfix
  • Configure Postfix
  • Update SPF DNS text record
  • Install OpenDKIM
  • Configure OpenDKIM
  • Add new DKIM DNS text record
  • Install OpenDMARC
  • Configure OpenDMARC
  • Update DMARC DNS text record
  • Verify

Install Postfix

$ pacman -Sy postfix

Configure Postfix

Postfix configuration file: /etc/postfix/main.cf

[tuyen@1 ~]$ grep ^[^#] /etc/postfix/main.cf
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mx1.practicehabits.net
mydomain = practicehabits.net
myorigin = $mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps


debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock
non_smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock
milter_default_action = accept
[tuyen@1 ~]$

Update SPF DNS text record

Add SMTP server's IP Address to existing SPF DNS text record.

v=spf1 ip4:173.82.212.40 include:_spf.google.com -all

Install OpenDKIM

$ sudo pacman -Sy opendkim

Configure OpenDKIM

$ sudo mkdir /run/opendkim
$ sudo chown opendkim:postfix /run/opendkim

Generate key pair for OpenDKIM

$ opendkim-genkey -r -s opendkim -b 2048 -d practicehabits.net

Using content in generated opendkim.txt file to create DKIM DNS text record

OpenDKIM configuration file: /etc/opendkim/opendkim.conf

[tuyen@1 ~]$ sudo grep ^[^#] /etc/opendkim/opendkim.conf
[sudo] password for tuyen:
Domain          practicehabits.net
KeyFile         /etc/opendkim/opendkim.private
Selector        opendkim
Socket          unix:/run/opendkim/opendkim.sock
Syslog          Yes
UMask           002
UserID opendkim:postfix
[tuyen@1 ~]$

Add new DKIM DNS text record

Create a new DNS txt record for newly created DKIM selector.

Install OpenDMARC

$ sudo pacman -Sy opendmarc

Configure OpenDMARC

$ sudo mkdir /run/opendmarc
$ sudo chown opendmarc:postfix /run/opendmarc

OpenDMARC configuration file: /etc/opendmarc/opendmarc.conf

[tuyen@1 ~]$ sudo grep ^[^#] /etc/opendmarc/opendmarc.conf
AuthservID HOSTNAME
IgnoreAuthenticatedClients true
Socket unix:/run/opendmarc/opendmarc.sock
SPFSelfValidate true
UMask 002
[tuyen@1 ~]$

Verify

echo "Test: setup postfix, opendkim, and opendmarc" | mail -s "Verify: postfix, opendkim, opendmarc" username@gmail.com
Labels:

Popular posts from this blog

Powershell: Enable Firewall Log

We sometimes need to enable Windows firewall's log to troubleshoot. Here is how.
Read more

Powershell: head and tail command

Use head or tail to skim the first or last 5 lines.
Read more

MySQL: Notes

Ways to check MySQL version mysql --version mysql -V dpkg -l 'mysql-sever' mysql -u root -p How to check MySQL version: mysql --version Database folder On Microsoft Windows, by default, MySQL save databases in this folder: %ProgramData%\MySQL\MySQL Server 5.5\data Check databases' size SELECT table_schema AS "Database name", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema; Export database schema $ mysqldump -u root -p --no-data wordpress1001 > c:\backup\schema-wordpress1001.sql Enter password: **************** Create a dedicated user to backup databases Give credit to: http://www.fromdual.com/privileges-of-mysql-backup-user-for-mysqldump Create dedicated mysql user and grant privileges to run backup $ mysql -u root -p CREATE USER 'backupdb'@'localhost' IDENTIFIED BY 'passwordhere'; GRANT SELECT,SHOW VIEW,RELOAD,REPLICATION CLIENT...
Read more