Monthly Archives: November 2024

Configure SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) for your email server – Postfix in Ubuntu

To configure SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) for your email server, follow these steps:


1. Configure SPF Record

SPF allows you to specify which mail servers are authorized to send email for your domain.

Step 1.1: Add an SPF Record

You need to create a DNS TXT record for your domain. This record specifies which servers can send emails on behalf of your domain.

Example:

Your SPF record would look like this:

v=spf1 ip4:YOUR_PUBLIC_IP -all

  • v=spf1: Indicates the version of SPF.
  • ip4:YOUR_PUBLIC_IP: Specifies the authorized server’s IP address.
  • -all: Indicates that all other servers are unauthorized.

Add this record to your DNS zone file:

  1. Log in to your DNS management console.
  2. Add a new TXT record:
    • Name: @ (or your domain name, such as portalapp.link).
    • Value: v=spf1 ip4:YOUR_PUBLIC_IP -all.
    • TTL: 3600 seconds (or default).
  3. Save the changes.

Step 1.2: Verify the SPF Record

Use an online SPF checker or run the following command to verify:

You should see your SPF record in the output.
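
One way to run the check in this step, as an added example that is not from the original post: dig +short TXT YOUR_DOMAIN_NAME lists the domain's TXT records, and the function below inspects that output for exactly one SPF record and reports how its "all" term treats unlisted senders. The sample answers and the address 203.0.113.10 are constructed, and the function name is made up for this example.

```sh
#!/bin/sh
# spf_verdict TXT_ANSWERS
#   TXT_ANSWERS: one TXT string per line, as "dig +short TXT <domain>" prints them.
#   Prints one of: none | permerror-multiple | fail | softfail | neutral | pass | no-all
spf_verdict() (
  set -f   # no filename globbing while the record is split into terms
  # Drop the quotes dig prints, lowercase, then keep only SPF records.
  spf=$(printf '%s\n' "$1" | tr -d '"' | tr '[:upper:]' '[:lower:]' |
        grep -E '^v=spf1( |$)') || true
  [ -n "$spf" ] || { echo none; exit 0; }
  # RFC 7208: a domain with more than one v=spf1 record yields a permanent error.
  [ "$(printf '%s\n' "$spf" | grep -c .)" -eq 1 ] || { echo permerror-multiple; exit 0; }
  # Classify the qualifier on the "all" mechanism.
  for term in $spf; do
    case "$term" in
      -all)     echo fail;     exit 0 ;;
      "~all")   echo softfail; exit 0 ;;
      "?all")   echo neutral;  exit 0 ;;
      +all|all) echo pass;     exit 0 ;;
    esac
  done
  echo no-all   # no "all" term: unlisted senders get a neutral result
)

# Constructed sample: TXT answers for a domain that publishes the record from
# this post (203.0.113.10 is a documentation address standing in for YOUR_PUBLIC_IP).
sample_txt_answers='"some-site-verification=constructed-token"
"v=spf1 ip4:203.0.113.10 -all"'

spf_verdict "$sample_txt_answers"

# Live check (needs network access and dig):
#   spf_verdict "$(dig +short TXT YOUR_DOMAIN_NAME)"
```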


2. Configure DKIM

DKIM uses cryptographic signatures to verify that emails have not been altered.

Step 2.1: Generate DKIM Keys

Use the opendkim package to generate DKIM keys.

  1. Install opendkim:

    sudo apt install opendkim opendkim-tools

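  2. Generate a Key Pair: Replace default with a selector name of your choice. The -t option adds the test-mode flag (t=y) to the generated DNS record; remove that flag from the record once signing is confirmed to work.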

    sudo opendkim-genkey -t -s default -d YOUR_DOMAIN_NAME

    This will generate two files:

    • default.private: Your private key (used by the server).
    • default.txt: The public key (added to your DNS).
  3. Move the Private Key: Move the private key to a secure location (e.g., /etc/opendkim/keys):

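    sudo mkdir -p /etc/opendkim/keys
    sudo mv default.private /etc/opendkim/keys/
    # The daemon runs as the opendkim user and must be able to read the key
    sudo chown opendkim:opendkim /etc/opendkim/keys/default.private
    sudo chmod 600 /etc/opendkim/keys/default.private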

Step 2.2: Configure OpenDKIM

Edit the OpenDKIM configuration files.

  1. Edit /etc/opendkim.conf: Add or modify the following lines:

    AutoRestart Yes
    AutoRestartRate 10/1h
    Umask 002
    Syslog yes
    LogWhy yes
    Canonicalization relaxed/simple
    Domain YOUR_DOMAIN_NAME
    Selector default
    KeyFile /etc/opendkim/keys/default.private
    Socket inet:12345@localhost

  2. Edit /etc/default/opendkim: Uncomment or set the following line to match the socket in opendkim.conf:

    SOCKET="inet:12345@localhost"

  3. Restart OpenDKIM:

    sudo systemctl restart opendkim
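
Postfix signs outgoing mail only if its main.cf points at the OpenDKIM socket configured above. The following added example (not from the original post) derives the two main.cf lines from the Socket value in opendkim.conf; smtpd_milters and non_smtpd_milters are standard Postfix parameters, and the function names are made up for this example.

```sh
#!/bin/sh
# Constructed sample: the relevant lines of the opendkim.conf shown above.
sample_conf='Domain YOUR_DOMAIN_NAME
Selector default
KeyFile /etc/opendkim/keys/default.private
Socket inet:12345@localhost'

# milter_endpoint CONF_TEXT
#   Translate OpenDKIM's "Socket inet:PORT[@HOST]" into Postfix's "inet:HOST:PORT".
#   Fails (status 1) when there is no inet Socket line to translate.
milter_endpoint() (
  sock=$(printf '%s\n' "$1" | awk '$1 == "Socket" { s = $2 } END { print s }')
  case "$sock" in
    inet:*@*) port=${sock#inet:}; port=${port%%@*}; host=${sock#*@} ;;
    inet:*)   port=${sock#inet:}; host=localhost ;;
    *)        echo "no inet Socket line found" >&2; exit 1 ;;
  esac
  printf 'inet:%s:%s\n' "$host" "$port"
)

# postfix_milter_lines CONF_TEXT
#   Print the main.cf settings that route mail through the OpenDKIM milter.
postfix_milter_lines() (
  ep=$(milter_endpoint "$1") || exit 1
  # smtpd_milters covers mail arriving over SMTP; non_smtpd_milters covers mail
  # submitted locally (sendmail command, cron, web applications).
  printf 'smtpd_milters = %s\n' "$ep"
  printf 'non_smtpd_milters = %s\n' "$ep"
)

postfix_milter_lines "$sample_conf"
```

Add the printed lines to /etc/postfix/main.cf before the Postfix restart in step 5. Postfix's milter_default_action defaults to tempfail, so mail is deferred rather than sent unsigned while OpenDKIM is unreachable.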

Step 2.3: Add DKIM Record to DNS

  1. Open the default.txt file created earlier:

    It will look something like this:

    default._domainkey.YOUR_DOMAIN_NAME. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANB..."

  2. Add a DNS TXT record:
    • Name: default._domainkey.
    • Value: Paste the entire value from default.txt.
    • TTL: 3600.
  3. Save the changes.
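
opendkim-genkey typically writes default.txt as several quoted strings inside parentheses, and only the text inside the quotes belongs in the DNS value. The following added example (not from the original post) joins those strings and flags a missing version tag, an empty p= value, and the t=y test flag that the -t option above produces; the sample record and its key data are constructed placeholders, and the function names are made up for this example.

```sh
#!/bin/sh
# Constructed sample in the multi-string zone-file layout; the p= data is a
# placeholder, not a real key.
sample_txt='default._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; t=y; "
	  "p=CONSTRUCTEDplaceholderPART1"
	  "CONSTRUCTEDplaceholderPART2" )  ; ----- DKIM key default for YOUR_DOMAIN_NAME'

# dkim_value ZONE_TEXT
#   Join the quoted strings, in order, into the single TXT value to publish.
dkim_value() (
  printf '%s\n' "$1" |
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) printf "%s", $i } END { print "" }'
)

# dkim_tag VALUE TAG
#   Print the value of one tag from a "tag=value; tag=value" list (empty if absent).
dkim_tag() (
  printf '%s\n' "$1" | tr ';' '\n' |
    awk -v tag="$2" '{ sub(/^[ \t]+/, ""); eq = index($0, "=")
                       if (eq && substr($0, 1, eq - 1) == tag) print substr($0, eq + 1) }'
)

# dkim_lint VALUE
#   Print one finding per line, or "ok" when there is nothing to report.
dkim_lint() (
  ok=1
  [ "$(dkim_tag "$1" v)" = DKIM1 ] || { echo missing-version; ok=0; }
  # An empty p= means the key is revoked (or the key data was not pasted).
  [ -n "$(dkim_tag "$1" p)" ] || { echo empty-p; ok=0; }
  # t=y tells verifiers the domain is only testing DKIM.
  case "$(dkim_tag "$1" t)" in
    *y*) echo testing-mode; ok=0 ;;
  esac
  [ "$ok" -eq 1 ] && echo ok
  exit 0
)

value=$(dkim_value "$sample_txt")
printf 'TXT value: %s\n' "$value"
dkim_lint "$value"
```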

3. Test SPF and DKIM

After updating DNS records, verify SPF and DKIM using online tools.


4. Optional: Configure DMARC

DMARC allows you to specify how mail servers handle emails failing SPF or DKIM checks.

  1. Add a DNS TXT record for DMARC:
    • Name: _dmarc.
    • Value:
      v=DMARC1; p=quarantine; rua=mailto:postmaster@YOUR_DOMAIN_NAME; ruf=mailto:postmaster@YOUR_DOMAIN_NAME
    • TTL: 3600.
  2. Save the changes.

5. Restart Postfix

Finally, restart Postfix to apply all changes:

sudo systemctl restart postfix

Your server should now be configured to send emails with SPF, DKIM, and optionally DMARC validation. Let me know if you encounter any issues!

Creating first composer.json file for project

Generating your first composer.json file for your project.

Please download Composer first and install it on your computer. Composer can be downloaded from https://getcomposer.org/download/

Go to your project root folder and create a composer.json file. Its basic components are listed below; alternatively, copy the example that follows the list and edit it to suit your project.

  1. name:
    • Format: "vendor/package-name".
    • vendor is typically your username or organization name, and package-name is the project’s name.
  2. description:
    • A brief description of the project’s purpose.
  3. type:
    • Defines the type of the package, which can be "project" (for applications) or "library" (for reusable libraries). Setting it to "project" is typical when creating standalone applications.
  4. require:
    • Lists dependencies with version constraints.
    • Commonly includes "php" to specify compatible PHP versions and other required packages.
  5. autoload:
    • Defines the autoloading standard for project classes.
    • psr-4 autoloading is standard and maps namespaces to directories. In this example, "App\\" namespace corresponds to the src/ directory, making classes in src/ accessible under the App namespace.
  6. scripts (optional):
    • Allows custom scripts, like running tests. For example, "test": "phpunit" lets you run tests with composer test if you’re using PHPUnit.
  7. minimum-stability (optional):
    • Defines the acceptable stability for packages ("stable", "dev", "alpha", "beta", or "RC"). "stable" is usually preferred in production projects to ensure reliability.
  8. license:
    • Specifies the license, such as "MIT", "GPL-3.0", etc.

 

{
    "name": "vendor/package-name",
    "description": "A short description of your project",
    "type": "project",
    "require": {
        "php": ">=7.4"
    },
    "autoload": {
        "psr-4": {
            "App\\": "src/"
        }
    },
    "scripts": {
        "test": "phpunit"
    },
    "minimum-stability": "stable",
    "license": "MIT"
}

Or a very basic file, like this:

{
    "name": "vendor/package-name",
    "require": {
        "php": ">=7.4"
    }
}