The best way to setup Postfix/DKIM/SPF/DMARC on Ubuntu – Plesk onyx

2. How to setup DKIM/SPF/DMARC in Ubuntu with Plesk Onyx

Bear in mind: For those who use an external DNS controller, DKIM signing will work for outgoing messages, however,  the receiving mail server will not be able to validate these emails. Better to switch off Plesk DNS server and In this case, email recived messages will be vaildate from the both directions.

Let’s create custom Glu NS record first, if you’re on VPS or Dedicated server and if your hosting provider did not provide you Glu record.

  1. Go to the DNS settings from the web hosting account in the Plesk and then add glu recordadd ns1 record
    add ns2 record
    add ns1 record 3

Once Glu record has been setup then requests domain registrar to help you setup from their end.

Likewise, GoDaddy has already host name tab in the DNS management section and Same NS record and IPs, that’s all! you good to go.

Next step:

Enabling or disabling DKIM on the Plesk Onyx hosting Server

  1. Go to Tools and Settings > Mail Server Settings(scroll down to DKIM Spam protection in the mail group tab).
  2. check both:  Allow signing outgoing mail and Verify incoming mail – once you checked verify incoming mail, DMARC option becomes available.
  3. Checked: DMARC option too.

Note: The DNS service must be activated on a domain.

Plesk Onyx will create SPF and DKIM record in the Domain’s DNS server settings automatically.

  • default._domainkey.<example.com> – contains the public part of the generated key.
  • _ domainkey.<example.com> – contains the DKIM policy.
  • _dmarc.<domain>. TXT v=DMARC1; p=none

Once all completed, make sure use any test tool to verify all working.


5. Generate Public and Private Key from the OpenSSL

DKIM requires a public and private key. The private key should be saved in a safe location on your server. The public key will be used in the DNS TXT record for DKIM.

Enter the following command to generate your private key:

openssl genrsa -out dkim.private 1024

Enter the following command to generate your public key:

openssl rsa -in dkim.private -out dkim.public -pubout -outform PEM

Move your private key to the dkim directory using the following command:

mv dkim.private /var/db/dkim/dkim.key.pem

dkim is the selector name in my example.


How to setup/install dkim in cPanel

Reference:

  1. https://help.ubuntu.com/community/Postfix/DKIMhttps://www.linuxtutorial.co.uk/domain-keys-dkim-installation-postfix/#more-6611
  2. http://www.elandsys.com/resources/mail/dkim/opendkim.html
  3. https://www.exratione.com/2014/07/setting-up-spf-and-dkim-for-an-ubuntu-1404-mail-server/
  4. https://docs.plesk.com/en-US/onyx/customer-guide/mail-settings/enabling-dkim-email-signing.74718/
  5. https://docs.plesk.com/en-US/onyx/administrator-guide/mail/antispam-tools/dkim-spf-and-dmarc-protection.59433/
  6. https://askubuntu.com/questions/134725/setup-dkim-domainkeys-for-ubuntu-postfix-and-mailmanhttp://kb.odin.com/en/119654

Speed test on your Server Ubuntu

speedtest-cli is in the repository now. For 16.04 Xenial or later use:

sudo apt install speedtest-cli
speedtest-cli

OR

The Short version, use without root user:

curl -s  https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -

Cannot sent message via webmail: “User unknown in virtual alias table”

  • Applies to: Ubuntu Plesk Onyx

Symptoms: User unknown in virtual alias table, 550, 511

Resolution: try this:

/usr/local/psa/bin/domain -u example.com -mail_service false

or https://kb.odin.com/en/119654

Reason: my domain is not registered with Digitalberg dedicated server and My domain configured locally in the Apache therefore specific email address rejecting by local mail service. That’s why I deactivated this service for My domain as “workaround” for my scenario.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *