Tran Nghi's Site  - Make notes and share experience

Postfix – Config SPF, DKIM and DMARC

Below is some articles that I have referred to config SPF and DKIM on my self-host mail server.

1) SPF

This is the first article that I found: https://wordtothewise.com/2014/06/authenticating-spf/
But this one is more detial: https://linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/

Below is my work – I was setting up for a sub-domain of infotechviet.com: assuming that you’re already have configured the DNS record for your mail server. like this:

lcl          A record          – points to ip 113.xxx.xx.12x                    #public ip of my mail server, of course
lcl         MX record        – mail handled by lcl.infotechviet.com   #the above A record
mail     CNAME record – is an alias of lcl.infotechviet.com        #not neccesary, this is just for my web client/admin access: ie: https://mail.infotechviet.com

So now, I am setting up my SPF like this:

lcl    TXT record  – has value as “v=spf1 a mx ip4:113.xxx.xx.12x include:lcl.infotechviet.com -all”

Otherwise:

lcl   TXT record  – has value as “v=spf1 a mx ip4:113.xxx.xx.12x -all”
(each items in the value is just optional, you’re having a specific ip address, then no need the include option, or you can have multi include options as you want:
– has value as “v=spf1 a mx ip4:113.xxx.xx.12x include:lcl.infotechviet.com include:mail.infotechviet.com -all”

 

See the explanation on the above links:

As if you’re using the Exchange Mail Online Service 365, you’re properly has a TXT record like this – for my root domain (ie: infotechviet.com):

@    TXT record  – has value as “v=spf1 include:spf.protection.outlook.com -all”

 

2) DMARC

I am currently setting my DMARC as below

_dmarc.lcl   TXT record  – has value as “v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r”

Or if you’re using Exchange Mail Online Service 365, it shall be like this – for my root domain (ie: infotechviet.com)

_dmarc  TXT record  – has value as “v=DMARC1; p=none;”

Find the explanation https://linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/

 

3) DKIM – OpenDKIM

I was referring some article like this: https://easyengine.io/tutorials/mail/dkim-postfix-ubuntu/
But actually, this article has made things going to work: https://help.ubuntu.com/community/Postfix/DKIM#Common_errors_and_fixes

My work:

 

Message