15. Adding DKIM to your email server | Hosting an email server for free
In this video we improve our sent email score to 8.9/10 by adding a DKIM to our Raspberry Pi and DNS server. This is the third phase of work towards making our emails end up in our recipients inbox and not their spam box.
The settings snippets I promise in the video is here. Please note that YouTube now has Markdown, so any text below starting with a # is considered a header. This clearly breaks the example settings, much of which contain #'s.
So, please note every comment # has a \ in front of it that will need *removing*, so make sure you copy and past this into a text editor, remove the \'s at the start and then paste in.
\# This is a basic configuration that can easily be adapted to suit a standard
\# installation. For more advanced options, see opendkim.conf(5) and/or
\# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
\# Log to syslog
Syslog yes
\# Required to use local socket with MTAs that access the socket as a non-
\# privileged user (e.g. Postfix)
UMask 002
\# Sign for example.com with key in /etc/dkimkeys/dkim.key using
\# selector '2007' (e.g. 2007._domainkey.example.com)
\#Domain example.com
\#KeyFile /etc/dkimkeys/dkim.key
\#Selector 2007
\# Commonly-used options; the commented-out versions show the defaults.
Canonicalization simple
Mode sv
SubDomains no
AutoRestart yes
AutoRestartRate 10/1M
Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256
\# Socket smtp://localhost
\#
\# ## Socket socketspec
\# ##
\# ## Names the socket where this filter should listen for milter connections
\# ## from the MTA. Required. Should be in one of these forms:
\# ##
\# ## inet:port@address to listen on a specific interface
\# ## inet:port to listen on all interfaces
\# ## local:/path/to/socket to listen on a UNIX domain socket
\#
\#Socket inet:8892@localhost
Socket local:/var/spool/postfix/opendkim/opendkim.sock
\## PidFile filename
\### default (none)
\###
\### Name of the file where the filter should write its pid before beginning
\### normal operations.
\#
PidFile /var/run/opendkim/opendkim.pid
\# Always oversign From (sign using actual From and a null From to prevent
\# malicious signatures header fields (From and/or others) between the signer
\# and the verifier. From is oversigned by default in the Debian pacakge
\# because it is often the identity key used by reputation systems and thus
\# somewhat security sensitive.
OversignHeaders From
\## ResolverConfiguration filename
\## default (none)
\##
\## Specifies a configuration file to be passed to the Unbound library that
\## performs DNS queries applying the DNSSEC protocol. See the Unbound
\## documentation at http://unbound.net for the expected content of this file.
\## The results of using this and the TrustAnchorFile setting at the same
\## time are undefined.
\## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
\## unbound package
\# ResolverConfiguration /etc/unbound/unbound.conf
\## TrustAnchorFile filename
\## default (none)
\##
\## Specifies a file from which trust anchor data should be read when doing
\## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
\## at http://unbound.net for the expected format of this file.
TrustAnchorFile /usr/share/dns/root.key
\## Userid userid
\### default (none)
\###
\### Change to user "userid" before starting normal operation? May include
\### a group ID as well, separated from the userid by a colon.
\#
UserID opendkim
\# Map domains in From addresses to keys used to sign messages
KeyTable refile:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
\# Hosts to ignore when verifying signatures
ExternalIgnoreList /etc/opendkim/trusted.hosts
\# A set of internal hosts whose mail should be signed
InternalHosts /etc/opendkim/trusted.hosts
And here...
\# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters
-------------------------------------------------------------
If you have found my work helpful, would like to suggest content, receive support on my videos or have access to videos before they're released on YouTube, please visit my Patreon page below:
/ singleentity
-------------------------------------------------------------
This video is part of the DIY Hosting of a WordPress website video series, in which I show how to setup and host a WordPress website and an email server, complete with a comprehensive Continuous Integration pipeline on a Raspberry Pi.
Watch video 15. Adding DKIM to your email server | Hosting an email server for free online without registration, duration hours minute second in high quality. This video was added by user Raspberry Pi Coding 24 August 2020, don't forget to share it with your friends and acquaintances, it has been viewed on our site 2,724 once and liked it 94 people.