Skip to main content

Important Records for Mail Domain Name

When you have a domain, for example, yourdomain.com, you can create your email address at that domain name like yourname@yourdomain.com. Several domain name records which I consider to be important for mail domain are:

1. MX Record
Of course, it assigns a domain where the mail exchange server is located. For example:

Name Priority Type Data
yourdomain.com 10 MX mx.yourdomain.com

2. SPF Record
SPF is a spam and phishing scam fighting method that uses DNS SPF records to define which hosts are permitted to send e-mails for a domain. See http://www.openspf.org. For example:

Name Type Data
yourdomain.com TXT "v=spf1 mx mx:yourdomain.com -all"

This configuration means emails sent from all servers defined in the MX record of yourdomain.com are permitted by the sender organization

3. DKIM Record
DKIM allows an organization to take responsibility for a message in a way that can be verified by a recipient. DKIM defines a domain-level digital signature authentication framework for email through the use of public-key cryptography and using the domain name service as its key server technology (more info).  There are some steps to sign DKIM signature on the mail server using amavisd (in latest Ubuntu its name is amavisd-new).

1) Check existing keys.
$ amavisd-new showkeys

2) Generate new key for new domain.
$ amavisd-new genrsa /var/lib/dkim/yournewdomain.com.pem 1024
$ chown amavis:amavis /var/lib/dkim/yournewdomain.com.pem
$ chmod 0400 /var/lib/dkim/yournewdomain.com.pem

3) Setup amavisd configuration. In Ubuntu, it's located at /etc/amavis/conf.d/50-user.

Find:
dkim_key('yourdomain.com', "dkim", "/var/lib/dkim/yourdomain.com.pem");

Add:
dkim_key('yournewdomain.com', "dkim", "/var/lib/dkim/yournewdomain.com.pem");

Find:
@dkim_signature_options_bysender_maps = ( {
    ...
    "yourdomain.com"  => { d => "yourdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    ...
});

Add:
@dkim_signature_options_bysender_maps = ( {
    ...
    "yourdomain.com"  => { d => "yourdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    "yournewdomain.com"  => { d => "yournewdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    ...
});

Actually, you can also use an existing key and don't need to generate a new key by mapping the new domain to use an existing key.
    "yournewdomain.com"  => { d => "yourdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

Or, you can also assign a key for all domains.
dkim_key('*', "dkim", "/var/lib/dkim/yourdomain.com.pem");
Then restart amavisd.

4) Recheck existing keys.
$ amavisd-new showkeys
Copy the value part v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugBy... and remove any quotes and line breaks.

5) Update DNS record for new DKIM information. (Domain providers can take a while for updating its records)

Name Type Data
dkim._domainkey.yourdomain.com TXT v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBi...

6) Validate DNS record using amavisd. If it returns pass, it works.
$ amavisd-new testkeys

7) Verify using other tools.
$ dig -t txt dkim._domainkey.yourdomain.com
$ nslookup -type=txt dkim._domainkey.yourdomain.com


Comments

Popular posts from this blog

Deploying a Web Server on UpCloud using Terraform Modules

In my earlier post , I shared an example of deploying UpCloud infrastructure using Terraform from scratch. In this post, I want to share how to deploy the infrastructure using available Terraform modules to speed up the set-up process, especially for common use cases like preparing a web server. For instance, our need is to deploy a website with some conditions as follows. The website can be accessed through HTTPS. If the request is HTTP, it will be redirected to HTTPS. There are 2 domains, web1.yourdomain.com and web2.yourdomain.com . But, users should be redirected to "web2" if they are visiting "web1". There are 4 main modules that we need to set up the environment. Private network. It allows the load balancer to connect with the server and pass the traffic. Server. It is used to host the website. Load balancer. It includes backend and frontend configuration. Dynamic certificate. It is requ...

Armin or Commander Erwin

In the moment of conflict in the scout team, who will be revived?

Rangkaian Sensor Infrared dengan Photo Dioda

Keunggulan photodioda dibandingkan LDR adalah photodioda lebih tidak rentan terhadap noise karena hanya menerima sinar infrared, sedangkan LDR menerima seluruh cahaya yang ada termasuk infrared. Rangkaian yang akan kita gunakan adalah seperti gambar di bawah ini. Pada saat intensitas Infrared yang diterima Photodiode besar maka tahanan Photodiode menjadi kecil, sedangkan jika intensitas Infrared yang diterima Photodiode kecil maka tahanan yang dimiliki photodiode besar. Jika  tahanan photodiode kecil  maka tegangan  V- akan kecil . Misal tahanan photodiode mengecil menjadi 10kOhm. Maka dengan teorema pembagi tegangan: V- = Rrx/(Rrx + R2) x Vcc V- = 10 / (10+10) x Vcc V- = (1/2) x 5 Volt V- = 2.5 Volt Sedangkan jika  tahanan photodiode besar  maka tegangan  V- akan besar  (mendekati nilai Vcc). Misal tahanan photodiode menjadi 150kOhm. Maka dengan teorema pembagi tegangan: V- = Rrx/(Rrx + R2) x Vcc V- = 150 / (1...

Kenshin VS The Assassin

It is an assassin versus assassin.

What's Good About Strapi, a Headless CMS

Recently, I've been revisiting Strapi as a solution for building backend systems. I still think this headless CMS can be quite useful in certain cases, especially for faster prototyping or creating common websites like company profiles or e-commerce platforms . It might even have the potential to handle more complex systems. With the release of version 5, I'm curious to know what updates it brings. Strapi has launched a new documentation page, and it already feels like an improvement in navigation and content structure compared to the previous version. That said, there's still room for improvement, particularly when it comes to use cases and best practices for working with Strapi. In my opinion, Strapi stands out with some compelling features that could catch developers' attention. I believe three key aspects of Strapi offer notable advantages. First, the content-type builder feature lets us design the data structure of an entity or database model , including ...

Armin and Eren VS Colossal Titan

The trick was unexpected and caught Bertolt off guard.