HOWTO: Install and Configure Postfix + DKIMProxy FOR LARGE SENDING on Debian

March 4, 2012

Assuming fresh Debian install

1. Install Postfix; in the configuration menu choose "Internet Site" and set the system's mail name

root@smtp1:~# apt-get install postfix

Reading package lists… Done
Building dependency tree

……………………..

Setting up libperl5.10 (5.10.1-17squeeze3) …
Setting up libpq5 (8.4.11-0squeeze1) …

2. Add an interface alias for this Postfix instance to listen on

root@smtp1:~# ifconfig eth0:1 YOUR_IP netmask 255.255.255.224 up
root@smtp1:~# ifconfig

eth0 Link encap:Ethernet HWaddr 00:30:48:8e:1a:84
inet addr:YOU_IP1 Bcast:YOUR_IP5 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe8e:1a84/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:376534 errors:0 dropped:0 overruns:0 frame:0
TX packets:3566 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26484046 (25.2 MiB) TX bytes:298059 (291.0 KiB)
Interrupt:16 Memory:ee100000-ee120000

eth0:1 Link encap:Ethernet HWaddr 00:30:48:8e:1a:84
inet addr:YOUR_IP Bcast:62.73.117.31 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Memory:ee100000-ee120000

3. Configure Postfix to work with DKIM and to listen on the IP alias

root@smtp1:/etc/postfix# mv main.cf main.cf.orig
root@smtp1:/etc/postfix# vi main.cf

mail_name = smtp1.DOMAIN.com
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA’s job.
append_dot_mydomain = no

# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = smtp1.DOMAIN.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = mailer, localhost.localdomain, , localhost
relayhost =
mynetworks = allowed_ips 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

inet_protocols = ipv4

inet_interfaces = YOUR_IP, 127.0.0.1

root@smtp1:/etc/postfix# vi master.cf
root@smtp1:/etc/postfix# grep -v ^# master.cf|grep .

smtp inet n - - - - smtpd
submission inet n - - - - smtpd
  -o content_filter=dksign:[127.0.0.1]:10027
  -o receive_override_options=no_address_mappings
dksign unix - - n - 4 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime,starttls
127.0.0.1:10028 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

4. Install dkimproxy

root@smtp1:/etc/postfix# apt-get install dkimproxy
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
libmysqlclient16 libperl5.10 libpq5 mysql-common
Use ‘apt-get autoremove’ to remove them.
The following extra packages will be installed:
amavisd-new libarchive-zip-perl libberkeleydb-perl libcompress-raw-zlib-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl
libdigest-hmac-perl libdigest-sha1-perl liberror-perl libio-multiplex-perl libio-stringy-perl libmail-dkim-perl libmailtools-perl libmime-tools-perl libnet-cidr-perl libnet-dns-perl libnet-ip-perl
libnet-server-perl libtext-wrapper-perl libtimedate-perl libunix-syslog-perl pax
Suggested packages:
spamassassin clamav clamav-daemon lha arj unrar zoo nomarch lzop cabextract libnet-ldap-perl libauthen-sasl-perl libdbi-perl dspam p7zip rpm unrar-free libsnmp-perl libio-socket-inet6-perl
libio-socket-ssl-perl
The following NEW packages will be installed:
amavisd-new dkimproxy libarchive-zip-perl libberkeleydb-perl libcompress-raw-zlib-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libcrypt-openssl-bignum-perl
libcrypt-openssl-rsa-perl libdigest-hmac-perl libdigest-sha1-perl liberror-perl libio-multiplex-perl libio-stringy-perl libmail-dkim-perl libmailtools-perl libmime-tools-perl libnet-cidr-perl
libnet-dns-perl libnet-ip-perl libnet-server-perl libtext-wrapper-perl libtimedate-perl libunix-syslog-perl pax
0 upgraded, 26 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,786 kB of archives.
After this operation, 8,938 kB of additional disk space will be used.
Do you want to continue [Y/n]?

………

(failed).
invoke-rc.d: initscript amavis, action “start” failed.
WARNING: Starting amavisd-new failed. Please check your configuration.
Errors were encountered while processing:
dkimproxy
E: Sub-process /usr/bin/dpkg returned an error code (1)

5. Configure dkimproxy:

root@smtp1:/etc# grep -v ^# /etc/default/dkimproxy |grep .

RUN_DKIMPROXY_OUT=1
RUN_DKIMPROXY_IN=0
DKIMRPOXY_OUT_CONF="/etc/dkimproxy/dkimproxy_out.conf"
DKIMPROXYUSER=dkimproxy
DKIMPROXYGROUP=dkimproxy
DKIMPROXY_OUT_PRIVKEY="/etc/dkim/keys/DOMAIN.com/private.key"
DOMAIN=smtp1.DOMAIN.com
DKIMPROXY_OUT_MIN_SERVERS=10

root@smtp1:/etc/dkimproxy# grep -v ^# dkimproxy_out.conf|grep .

listen 127.0.0.1:10027
relay 127.0.0.1:10028
domain DOMAIN.com
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
keyfile /etc/dkim/keys/DOMAIN.com/private.key
selector 2012
reject_error 1
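
The ports in step 3's master.cf and in dkimproxy_out.conf have to agree: the content_filter target must be dkimproxy's listen address, and its relay address must be the re-injection smtpd listener. A consistency check over excerpts of both files, as an added example that is not part of the original post (function names are illustrative):

```python
import re

# Excerpts of this page's master.cf and dkimproxy_out.conf, with ASCII hyphens.
MASTER_CF = """\
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
  -o content_filter=dksign:[127.0.0.1]:10027
dksign unix - - n - 4 smtp
127.0.0.1:10028 inet n - n - 10 smtpd
  -o content_filter=
"""
DKIMPROXY_OUT = "listen 127.0.0.1:10027\nrelay 127.0.0.1:10028\n"

def parse_master(text):
    """Map (service, type) -> options; indented lines continue the service above."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            fields = line.split()
            current = services.setdefault((fields[0], fields[1]), {"command": fields[7]})
        elif current is not None:
            for opt in re.findall(r"-o\s+(\S+)", line):
                key, _, value = opt.partition("=")
                current[key] = value
    return services

def check_chain(master_text, proxy_text):
    """Return findings about the Postfix <-> dkimproxy hand-off."""
    services = parse_master(master_text)
    proxy = dict(l.split(None, 1) for l in proxy_text.splitlines()
                 if l.strip() and not l.startswith("#"))
    findings = []
    # content_filter=dksign:[127.0.0.1]:10027 -> "127.0.0.1:10027"
    targets = {re.sub(r"[\[\]]", "", o["content_filter"].partition(":")[2])
               for o in services.values() if o.get("content_filter")}
    if proxy["listen"] not in targets:
        findings.append("no content_filter points at dkimproxy listen " + proxy["listen"])
    reinject = services.get((proxy["relay"], "inet"))
    if reinject is None:
        findings.append("no smtpd listener for dkimproxy relay " + proxy["relay"])
    elif reinject.get("content_filter") != "":
        findings.append("re-injection listener does not clear content_filter")
    for (name, kind), opts in services.items():
        unfiltered = not opts.get("content_filter") and name != proxy["relay"]
        if kind == "inet" and opts["command"] == "smtpd" and unfiltered:
            findings.append("mail accepted on '%s' is not passed to dkimproxy" % name)
    return findings
```

On this page's configuration it reports only that mail accepted on the port 25 smtp service is not passed to dkimproxy, because content_filter is set on submission alone.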

root@smtp1:/etc/dkimproxy# mkdir -p /etc/dkim/keys/DOMAIN.com
root@smtp1:/etc/dkimproxy# cd /etc/dkim/keys/DOMAIN.com

Put the pre-generated keys here, or generate new ones:

openssl genrsa -out private.key 1024

openssl rsa -in private.key -out public.key -pubout -outform PEM

Put the public key into DNS:

2012._domainkey.DOMAIN.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuk8juJ1iT7bST/0KykISBGOnJyR2h5cl3gxvshuh5mTODBp78cZbIYkOAGjEX/I6U2ox6s53yeEF7DQlHLJCId11wI486E4dGSOgRje2e5elHX6QEwfEGDRyEL+6WwJo/BR3LHihbqHfaY7EZuA6Vuq7Wun8H1Wo2FD+IuxAubQIDAQAB"

5.1 Edit the /etc/init.d/dkimproxy file:

DKIMPROXY_OUT_ARGS="--method=simple --conf_file ${DKOUT_CONF} --keyfile=${DKIMPROXY_OUT_PRIVKEY} ${COMMON_ARGS} --pidfile=${PIDDKIMPROXY_OUT} --signature=dkim --signature=domainkeys --min_servers=${DKIMPROXY_OUT_MIN_SERVERS}"

6. Start Postfix and dkimproxy

7. Test the configuration:

7.1 Test DNS first: http://dkimcore.org/tools/
7.3 More SPF and DKIM tests here: http://appmaildev.com/en/dkim/
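
A local check of the key record from step 5, to run before the online testers in step 7: it parses the tag list, decodes p= and compares the RSA modulus size with the 2048 bits that RFC 8301 says signers should use. This is an added example, not part of the original post; the function names are illustrative and the record is the one printed above.

```python
import base64

# TXT record published in step 5 of this page (selector 2012).
RECORD = ("v=DKIM1; k=rsa; p="
          "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuk8juJ1iT7bST/0KykISBGOnJyR2h5c"
          "l3gxvshuh5mTODBp78cZbIYkOAGjEX/I6U2ox6s53yeEF7DQlHLJCId11wI486E4dGSOgR"
          "je2e5elHX6QEwfEGDRyEL+6WwJo/BR3LHihbqHfaY7EZuA6Vuq7Wun8H1Wo2FD+IuxAubQIDAQAB")

def parse_tags(txt):
    """Split a key record into tag=value pairs; quotes and folding whitespace are dropped."""
    tags = {}
    for part in txt.replace('"', "").split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags

def _tlv(buf, pos, tag):
    """Return (start, end) of the content of the DER element at pos."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("expected DER tag 0x%02x at offset %d" % (tag, pos))
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return pos, pos + length

def rsa_bits(p_value):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA key."""
    der = base64.b64decode(p_value, validate=True)
    spki, _ = _tlv(der, 0, 0x30)           # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _tlv(der, spki, 0x30)     # AlgorithmIdentifier, skipped
    bits, _ = _tlv(der, alg_end, 0x03)     # BIT STRING holding RSAPublicKey
    key, _ = _tlv(der, bits + 1, 0x30)     # +1 skips the unused-bits octet
    mod, mod_end = _tlv(der, key, 0x02)    # first INTEGER is the modulus
    return int.from_bytes(der[mod:mod_end], "big").bit_length()

def check_record(txt, min_bits=2048):
    """Return problems found; min_bits defaults to the RFC 8301 SHOULD."""
    tags, problems = parse_tags(txt), []
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    elif not tags.get("p"):
        problems.append("p= is empty (key missing or revoked)")
    elif rsa_bits(tags["p"]) < min_bits:
        problems.append("RSA key is %d bits, below %d" % (rsa_bits(tags["p"]), min_bits))
    return problems
```

Because quotes and whitespace are stripped from values, a longer key stored in the zone file as several quoted strings parses the same way.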

4 Comments
  1. Luis Mendes

    Hi, thanks for the howto. But how do you deal with the firewall?

    • What do you mean?
      Give me a little more details on your issue with the firewall.
