Recently one of my friends was setting up multiple outbound SMTP servers for his project. But he does not have enough domain access, and his primary domain is already using another DKIM key (default._domainkey) for business email purposes.
His challenge is to set up another trusted outbound email server without affecting the primary email configuration.
Requirements
1. Trusting another subdomain for sending outbound email
2. Adding SPF record for this subdomain.
3. Create a separate DKIM txt for this subdomain.
I hope you have already completed the OpenDKIM server setup using this link: http://www.serveridol.com/2012/02/17/opendkim-configuring-dkim-keys-on-postfix/
Here I’m using a test domain planetcure.in for this attempt.
The following things have to be done.
a. Create a new selector for the new outbound server.
opendkim-genkey -D /etc/opendkim/keys/cloud.planetcure.in/ -d cloud.planetcure.in -s cloud
chown -R opendkim:opendkim /etc/opendkim/keys/cloud.planetcure.in
cp /etc/opendkim/keys/cloud.planetcure.in/cloud.private /etc/opendkim/keys/default
Note: “/etc/opendkim/keys/default” is the file that the OpenDKIM init script uses, so we need to overwrite it with the new selector's key.
b. Update the KeyTable entry (/etc/opendkim/KeyTable).
When you declare the private key file in the KeyTable file, you need to mention which selector is to be used for this subdomain. Here I’m using the selector name “cloud”. Please note that the selector name goes between the domain name and the key file location in the KeyTable entry.
cloud._domainkey.cloud.planetcure.in cloud.planetcure.in:cloud:/etc/opendkim/keys/cloud.planetcure.in/default
It is very important that you put the selector name (here cloud) between the domain and the private key file path in the KeyTable entry.
c. Restart both the OpenDKIM and Postfix services.
d. DNS updates to be set for planetcure.in
1. Create a DNS subdomain record (cloud.planetcure.in) for the email server. Set an FQDN for the outbound SMTP server (mail01.planecure.in).
2. Set an SPF record which includes the outbound server IP and your FQDN hostname. You may use Microsoft SPF record to create the SPF record easily.
cloud v=spf1 a ptr ip4:54.183.196.52 mx:mail.planetcure.in ~all
3. Create a DKIM key record “cloud._domainkey.cloud” and set its value from the txt file in the folder in which you created the public key (/etc/opendkim/keys/cloud.planetcure.in/cloud.txt).
Note: you need to copy the string value starting from the letter “p”, i.e. “p=MIGfMA0GCSq”, without quotes.
cloud._domainkey.cloud p=MIGfMA0GCS......... phKwoRwIDAQAB
4. Set another TXT record for “adsp._domainkey” with the value “dkim=unknown”.
adsp._domainkey dkim=unknown
You are almost done now! It’s time to test.
How do I verify locally that both my DKIM system and DNS are working correctly?
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/cloud.planetcure.in/default
opendkim-testkey: checking key 'cloud._domainkey.cloud.planetcure.in'
opendkim-testkey: key not secure
opendkim-testkey: key OK
[root@smtp ec2-user]#
How do I check that the SPF values are set properly?
cloud.planetcure.in descriptive text "v=spf1 ip4:54.183.196.52 include:hotmail.com mx:mail.planetcure.in mx:cloud.planetcure.in ~all"
[root@smtp ec2-user]#
How do I check that the DKIM key DNS record is properly set?
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSqIpvZUOo+u2Rn014lAXYesTye6Vki/3yNO0h2Oy9wC8ApevWQ7eA9OpWdaXWS+LsJb2mer961rvQdBA1ACXieZgfUBcmudcDionMugGCsY6hD358IuMcNh5yr0s7xk5z4HBvU2SDXcSSMu6TB45n6sIRjbqJu3lAVDuphKwoRwIDAQAB"
[root@smtp ec2-user]#
This shows you have a perfect setup on the DNS side. Now it’s time to verify that the new “selector” is used to sign all outgoing emails.
Sending a test mail using the SendEmail command-line tool
Aug 30 14:58:56 smtp sendEmail[970]: Email was sent successfully! From: <no-reply@cloud.planetcure.in> To: <liju@serveridol.com> Cc: <opendkim@serveridol.com> Subject: [DKIM Key setup for Subdomain] Server: [localhost:25]
Verifying that the signature and selector are added to each mail.
Aug 30 14:59:01 ip-10-170-25-242 postfix/smtpd[936]: 7741160EB4: client=localhost[::1], sasl_method=LOGIN, sasl_username=test
Aug 30 14:59:01 ip-10-170-25-242 postfix/cleanup[946]: 7741160EB4: message-id=<5401e6b5.1tNp6oomxi5gPCGs%no-reply@cloud.planetcure.in>
Aug 30 14:59:01 ip-10-170-25-242 opendkim[32326]: 7741160EB4: DKIM-Signature field added (s=cloud, d=cloud.planetcure.in)
Aug 30 14:59:01 ip-10-170-25-242 postfix/qmgr[32424]: 7741160EB4: from=<no-reply@cloud.planetcure.in>, size=596, nrcpt=1 (queue active)
Aug 30 14:59:01 ip-10-170-25-242 postfix/smtpd[936]: disconnect from localhost[::1]
Aug 30 14:59:01 ip-10-170-25-242 postfix/smtp[948]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c04::1b]:25: Network is unreachable
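The manual log check above can be automated. The following is an added example, not code from the original post: it validates the KeyTable line from step b and then confirms that every queued message in the mail log was signed with that selector and domain. It assumes this server sends mail only for cloud.planetcure.in; the function names and the last three log lines are constructed for illustration.

```python
import re

# KeyTable line from step b: <key name> <domain>:<selector>:<key file>
KEYTABLE = ("cloud._domainkey.cloud.planetcure.in "
            "cloud.planetcure.in:cloud:/etc/opendkim/keys/cloud.planetcure.in/default")

# First two lines come from the page's mail log; the last three are constructed.
SAMPLE_LOG = [
    "Aug 30 14:59:01 ip-10-170-25-242 postfix/cleanup[946]: 7741160EB4: "
    "message-id=<5401e6b5.1tNp6oomxi5gPCGs%no-reply@cloud.planetcure.in>",
    "Aug 30 14:59:01 ip-10-170-25-242 opendkim[32326]: 7741160EB4: "
    "DKIM-Signature field added (s=cloud, d=cloud.planetcure.in)",
    "Aug 30 15:02:10 ip-10-170-25-242 postfix/cleanup[950]: 8A2B160EB5: "
    "message-id=<constructed-1@cloud.planetcure.in>",
    "Aug 30 15:03:44 ip-10-170-25-242 postfix/cleanup[951]: 9C3D160EB6: "
    "message-id=<constructed-2@cloud.planetcure.in>",
    "Aug 30 15:03:44 ip-10-170-25-242 opendkim[32326]: 9C3D160EB6: "
    "DKIM-Signature field added (s=default, d=planetcure.in)",
]

QUEUED = re.compile(r"postfix/cleanup\[\d+\]: (\w+): message-id=")
SIGNED = re.compile(r"opendkim\[\d+\]: (\w+): DKIM-Signature field added "
                    r"\(s=([^,]+), d=([^)]+)\)")

def parse_keytable(line):
    """Return (domain, selector); reject entries whose name and value disagree."""
    name, value = line.split(None, 1)
    parts = value.strip().split(":", 2)
    if len(parts) != 3:  # selector left out between domain and key file
        raise ValueError("value must be domain:selector:keyfile")
    domain, selector, _keyfile = parts
    if name != f"{selector}._domainkey.{domain}":
        raise ValueError(f"key name {name!r} does not match selector/domain")
    return domain, selector

def audit(log_lines, keytable_line):
    """Map each queue ID to 'ok', 'unsigned' or 'wrong-key'."""
    expected = parse_keytable(keytable_line)
    status = {}
    for line in log_lines:
        if m := QUEUED.search(line):
            status.setdefault(m.group(1), "unsigned")  # until a signature is seen
        elif m := SIGNED.search(line):
            qid, s, d = m.groups()
            status[qid] = "ok" if (d, s) == expected else "wrong-key"
    return status

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, KEYTABLE))
```

Any queue ID reported as "unsigned" or "wrong-key" left the server without the subdomain's signature and is likely to fail DKIM checks at the receiving side.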