Modern day life is incomplete without emails now a days. World is going digital, so email became the standard medium of information exchange. Similarly for an web application or website emails is an inseparable part.
With the growing volume of information exchange via email, there is a dark side of it as well. Users are getting lots or SPAMs and Phishing emails which are used by hackers to steal confidential information about the user. So email providers increased their security standards to avoid those as much as possible. Following are few of the security standards are used to prevent spamming by any website:
- TLS(Transport Layer Security) Encryption
- DKIM(Domain Keys Identified Mail) Signature verification
- SPF(Sender Policy Framework) record verification
In the following article we will provide step by step guide to setup an email sending server for your domain which will be considered as legitimate email by the popular providers like GMAIL, YAHOO, HOTMAIL etc.
Let’s assume your domain is “EXAMPLE.COM” and registered from Godaddy.
Step 1: Upgrade system packages
# update repository package definitions $ sudo apt update -y # update packages $ sudo apt upgrade -y # cleanup unused packages if any $ sudo apt autoremove -y
Let’s restart the system once the above steps complete to have clean up-to-date system.
Step 2: Install required dependencies
# install postfix SMTP server package $ sudo apt install postfix -y # install DKIM package for DKIM verification $ sudo apt install opendkim opendkim-tools -y
Step 3: Configure Postfix settings
In order to enable TLS & DKIM validation to our POSTFIX service, we have to go through following steps.
Step 3.1: Enable TLS on POSTFIX server
# create directory for SSL ceritificates for your domain $ sudo mkdir -p /etc/mail/ssl/example.com
Now let’s upload your SSL Certificate Chain and Private Key files to the following directory: /etc/mail/ssl/example.com
$ sudo postconf -e 'smtpd_tls_cert_file = /etc/mail/ssl/example.com/example.com.bundle.crt' $ sudo postconf -e 'smtpd_tls_key_file = /etc/mail/ssl/example.com/example.com.private.key' $ sudo postconf -e 'smtpd_use_tls = yes' $ sudo postconf -e 'smtp_tls_security_level = may' $ sudo postconf -e 'smtpd_tls_security_level = may' $ sudo postconf -e 'smtp_tls_note_starttls_offer = yes' $ sudo postconf -e 'smtpd_tls_loglevel = 1' $ sudo postconf -e 'smtpd_tls_received_header = yes'
Step 3.3: Enable DKIM on POSTFIX server
Please note, we will be using DKIM service on port 8892. We will configure the DKIM service for the target port in Section 4.
$ sudo postconf -e 'milter_default_action = accept'
$ sudo postconf -e 'milter_protocol = 2'
$ sudo postconf -e 'smtpd_milters = inet:localhost:8892'
$ sudo postconf -e 'non_smtpd_milters = inet:localhost:8892'
Step 3.4: Activate port 587 for TLS
In order to activate port 587 for TLS communication on our SMTP server, let’s add following line to the file: /etc/postfix/master.cf
587 inet n - n - - smtpd
The above configuration should be enough to have a running Postfix SMTP email sending server. Now we have to configure the DKIM & SPF as mentioned on our next tutorial: