Master Email Security: Configure Postfix, DKIM, SPF & DMARC on Plesk
2. How to set up DKIM, SPF, and DMARC in Ubuntu with Plesk Onyx
Note: If you’re using an external DNS service, DKIM signing will function for outgoing mail, but the receiving server might not be able to verify these messages. Turning off the Plesk DNS server is recommended in this case to ensure validation both ways.
If you’re running a VPS or dedicated server and your hosting provider hasn’t provided glue records, set up a custom glue NS record to ensure your domain resolves correctly.
- Access DNS settings in your Plesk hosting panel and add the required glue records.
After you’ve added the glue records, contact your domain registrar to complete the configuration on their end.
For example, GoDaddy offers a Host Name tab in their DNS management area, making it easy to add the necessary NS records and IPs—then you’re all set.
Next, let’s proceed to:
How to Enable or Disable DKIM in Plesk Onyx
- Navigate to Tools and Settings > Mail Server Settings (scroll down to DKIM Spam Protection within the Mail Group tab).
- Tick both Allow signing outgoing mail and Verify incoming mail. Once Verify incoming mail is selected, the DMARC option will appear.
- Enable the DMARC option as well.
Note: You must ensure the DNS service is active for your domain before proceeding.
With Plesk Onyx, SPF and DKIM records will be added to your domain’s DNS settings automatically.
- default._domainkey.<example.com> – includes the public DKIM key.
- _domainkey.<example.com> – stores the DKIM-specific policy.
- _dmarc.<domain>. TXT v=DMARC1; p=none
After these adjustments, use a DKIM and SPF validation tool to confirm your configuration works correctly.
5. How to Create DKIM Public and Private Keys Using OpenSSL
DKIM setup requires both a public and a private key. Store your private key securely on your server, while the public key is published in a DNS TXT record.
To produce your private key, enter:
openssl genrsa -out dkim.private 1024
Next, generate the public key from your private key:
openssl rsa -in dkim.private -out dkim.public -pubout -outform PEM
Now, relocate your private key into the DKIM storage directory with:
mv dkim.private /var/db/dkim/dkim.key.pem
Here, dkim is the selector in this demonstration.
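The key-generation steps above, extended to build the TXT record that gets published, as an added example (not code from the original page or from Plesk). It assumes the selector dkim and the placeholder domain example.com, and it uses a 2048-bit key, the size RFC 8301 says signers should use, instead of 1024.

```shell
#!/bin/sh
# Added example: build the DNS TXT record for a DKIM key pair.
# Assumptions: selector "dkim" (from the file name above), placeholder
# domain example.com, and a 2048-bit key instead of the 1024 used above.

# dkim_txt_value PUBKEY_PEM -> prints "v=DKIM1; k=rsa; p=<base64 DER>"
dkim_txt_value() {
    # Drop the PEM armor lines and join the base64 body into one string.
    p=$(grep -v '^-----' "$1" | tr -d '\r\n')
    printf 'v=DKIM1; k=rsa; p=%s\n' "$p"
}

# dkim_txt_record SELECTOR DOMAIN PUBKEY_PEM -> zone-file line.
# A single TXT character-string holds at most 255 bytes, so the value is
# split into quoted chunks; resolvers concatenate them when answering.
dkim_txt_record() {
    chunks=$(dkim_txt_value "$3" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s. IN TXT ( %s)\n' "$1" "$2" "$chunks"
}

# dkim_generate DIR [BITS] -> writes DIR/dkim.private and DIR/dkim.public
dkim_generate() {
    ( umask 077   # files are created readable by their owner only
      openssl genrsa -out "$1/dkim.private" "${2:-2048}" 2>/dev/null &&
      openssl rsa -in "$1/dkim.private" -pubout -outform PEM \
          -out "$1/dkim.public" 2>/dev/null )
}

# dkim_demo -> generate a throwaway pair in a temp dir, print its record
dkim_demo() {
    tmp=$(mktemp -d) || return 1
    dkim_generate "$tmp" 2048 &&
        dkim_txt_record dkim example.com "$tmp/dkim.public"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

dkim_demo
```

The printed line can be pasted into a zone file; in a DNS control panel, enter only the value without the quotes and parentheses.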
How to Enable/Install DKIM on cPanel
Further Reading:
- https://help.ubuntu.com/community/Postfix/DKIM
- https://www.linuxtutorial.co.uk/domain-keys-dkim-installation-postfix/#more-6611
- http://www.elandsys.com/resources/mail/dkim/opendkim.html
- https://www.exratione.com/2014/07/setting-up-spf-and-dkim-for-an-ubuntu-1404-mail-server/
- https://docs.plesk.com/en-US/onyx/customer-guide/mail-settings/enabling-dkim-email-signing.74718/
- https://docs.plesk.com/en-US/onyx/administrator-guide/mail/antispam-tools/dkim-spf-and-dmarc-protection.59433/
- https://askubuntu.com/questions/134725/setup-dkim-domainkeys-for-ubuntu-postfix-and-mailman
- http://kb.odin.com/en/119654
How to Perform a Speed Test on Ubuntu Server
Speedtest-cli is part of the official package repository for Ubuntu 16.04 Xenial and newer. Install and run it by typing:
sudo apt install speedtest-cli
speedtest-cli
Alternatively, without root permissions, use the quick command:
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
Troubleshooting: Unable to Send Message via Webmail – “User unknown in virtual alias table”
- Applies to: Ubuntu Plesk Onyx
Error Description: “User unknown in virtual alias table”, with messages such as 550 or 511 errors.
Solution: Try running this command:
/usr/local/psa/bin/domain -u example.com -mail_service false
or see https://kb.odin.com/en/119654
Explanation: This happens when the domain is not set up with the mail hosting provider (in this example, not on Digitalberg) but is configured locally in Apache, so the internal mail service rejects the mail. Disabling the mail service for the domain resolves the issue in this scenario.