Loading Now

Master Email Security: Configure Postfix, DKIM, SPF & DMARC on Plesk

2. How to set up DKIM, SPF, and DMARC in Ubuntu with Plesk Onyx

Note: If you’re using an external DNS service, DKIM signing will function for outgoing mail, but the receiving server might not be able to verify these messages. Turning off the Plesk DNS server is recommended in this case to ensure validation both ways.

If you’re running a VPS or dedicated server and your hosting provider hasn’t provided Glu records, set up a custom Glu NS record to ensure your domain resolves correctly.

  1. Access DNS settings in your Plesk hosting panel and add the required Glu records.
    add ns1 record
    add ns2 record
    add ns1 record 3

After you’ve added the Glu records, contact your domain registrar to complete the configuration on their end.

For example, GoDaddy offers a Host Name tab in their DNS management area, making it easy to add the necessary NS records and IPs—then you’re all set.

Next, let’s proceed to:

How to Enable or Disable DKIM in Plesk Onyx

  1. Navigate to Tools and Settings > Mail Server Settings (scroll down to DKIM Spam Protection within the Mail Group tab).
  2. Tick both Allow signing outgoing mail and Verify incoming mail. Once Verify incoming mail is selected, the DMARC option will appear.
  3. Enable the DMARC option as well.

Note: You must ensure the DNS service is active for your domain before proceeding.

With Plesk Onyx, SPF and DKIM records will be added to your domain’s DNS settings automatically.

  • default._domainkey.<example.com> – includes the public DKIM key.
  • _domainkey.<example.com> – Stores the DKIM-specific policy.
  • _dmarc.<domain>. TXT v=DMARC1; p=none

After these adjustments, use a DKIM and SPF validation tool to confirm your configuration works correctly.


5. How to Create DKIM Public and Private Keys Using OpenSSL

DKIM setup requires both a public and a private key. Store your private key securely on your server, while the public key is published in a DNS TXT record.

To produce your private key, enter:

openssl genrsa -out dkim.private 1024

Next, generate the public key from your private key:

openssl rsa -in dkim.private -out dkim.public -pubout -outform PEM

Now, relocate your private key into the DKIM storage directory with:

mv dkim.private /var/db/dkim/dkim.key.pem

Here, DKIM is the selector in this demonstration.


How to Enable/Install DKIM on cPanel

Further Reading:

  1. https://help.ubuntu.com/community/Postfix/DKIMhttps://www.linuxtutorial.co.uk/domain-keys-dkim-installation-postfix/#more-6611
  2. http://www.elandsys.com/resources/mail/dkim/opendkim.html
  3. https://www.exratione.com/2014/07/setting-up-spf-and-dkim-for-an-ubuntu-1404-mail-server/
  4. https://docs.plesk.com/en-US/onyx/customer-guide/mail-settings/enabling-dkim-email-signing.74718/
  5. https://docs.plesk.com/en-US/onyx/administrator-guide/mail/antispam-tools/dkim-spf-and-dmarc-protection.59433/
  6. https://askubuntu.com/questions/134725/setup-dkim-domainkeys-for-ubuntu-postfix-and-mailmanhttp://kb.odin.com/en/119654

How to Perform a Speed Test on Ubuntu Server

Speedtest-cli is part of the official package repository for Ubuntu 16.04 Xenial and newer. Install and run it by typing:

sudo apt install speedtest-cli
speedtest-cli

Alternatively, without root permissions, use the quick command:

curl -s  https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -

Troubleshooting: Unable to Send Message via Webmail – “User unknown in virtual alias table”

  • Applies to: Ubuntu Plesk Onyx

Error Description: “User unknown in virtual alias table”, with messages such as 550 or 511 errors.

Solution: Try running this command:

/usr/local/psa/bin/domain -u example.com -mail_service false

or https://kb.odin.com/en/119654

Explanation: This happens because the domain is not set up with the mail hosting provider (in this example, not on Digitalberg), and configured locally in Apache, leading to rejected mail by the internal mail service. Disabling the mail service for the domain resolves the issue in this scenario.

Pages: 1 2

Post Comment