DMARC, SPF, DKIM for sendmail on linux

To create DMARC, SPF, and DKIM records for your domain, you'll need to configure the DNS TXT entries for each. Here's how to do it:

1. SPF Record

The SPF record helps to identify which mail servers are allowed to send email on behalf of your domain.

Step-by-Step:

  1. Login to your DNS provider's management panel.
  2. Add a new DNS TXT record with the following value:

    v=spf1 a mx ip4:<    myserver.net> -all

2. DMARC Record

DMARC tells mail servers how to handle emails that fail SPF or DKIM checks.

Step-by-Step:

  1. Add a DNS TXT record with the following value:

    v=DMARC1; p=none; rua=mailto:postmaster@myserver.net; ruf=mailto:postmaster@myserver.net; sp=none; aspf=r;

This record means that DMARC is set to "none" (no enforcement). You can change p=none to p=quarantine or p=reject once you are confident your setup is working.


3. DKIM

If you haven't installed OpenDKIM, do so:


sudo apt-get update

sudo apt-get install opendkim opendkim-tools


Next, generate your DKIM key pair with:


sudo opendkim-genkey -t -s default -d myhost.net


This creates two files:

  • default.private: The private key used for signing emails.
  • default.txt: The public key to be added to your DNS.


Add the Public Key to DNS

Open the default.txt file, which contains your public key:


default._domainkey IN TXT 3600 "v=DKIM1; h=sha256; k=rsa; t=y; p=ab12cd34ef56..."


Add this TXT entry to your DNS zone file, ensuring it's on a single line.

Move the Private Key to the Correct Directory

Move the private key to /etc/opendkim/keys and set appropriate permissions:

sudo mkdir -p /etc/opendkim/keys/myhost.net

sudo mv default.private /etc/opendkim/keys/myhost.net/default.private

sudo chown -R opendkim:opendkim /etc/opendkim/keys/myhost.net

sudo chmod 600 /etc/opendkim/keys/myhost.net/default.private


Configure OpenDKIM

Edit /etc/opendkim.conf to include the domain, key file, and selector:


Domain    myhost.net

KeyFile   /etc/opendkim/keys/myhost.net/default.private

Selector  default


Configure Sendmail Directly (sendmail.cf)

If you're configuring Sendmail directly via sendmail.cf, add the following line:

Xopendkim, S=local:/var/run/opendkim/opendkim.sock

This defines the filter and points to the OpenDKIM socket.

Restart Services

Restart opendkim and sendmail to apply the changes:


sudo service opendkim restart

sudo service sendmail restart


Test DKIM

After sending an email, you can verify DKIM by inspecting the headers or using tools like MXToolbox.

Popular posts from this blog

Pause a program which is using too much CPU

Sometimes your battery is running low and you need to pause a program without quitting it or force-quitting it, so that you can preserve battery but not lose the job that the program is doing. To do this,  Step 1. open a terminal Step 2. type:  ps ax | grep -i  "<program name>" so for example, if it's photoshop you need to pause, replace "<program name>" with "photoshop" Step 3. Next to the results on the far left you'll see a number, usually with 5 digits. E.g. 12345. Step 4. Type:  kill -STOP 12345 where 12345 are the numbers obtained in Step 2-3. Step 5. When you want to resume the program, type kill -CONT 12345 It should then continue to operate or run as usual without problems.
Read more

Enable Anydesk on Linux

 By default, Anydesk doesn't work on Ubuntu as it uses a different display server than what is expected by Anydesk (it expects the traditional X11 rather than Wayland). Dump this into a file, say, "fix_anydesk.sh", and then run it with sudo bash fix_anydesk.sh The script: #!/bin/bash # Check if the user has root privileges if [[ $EUID -ne 0 ]]; then    echo "This script must be run as root"     exit 1 fi # Backup the GDM configuration file GDM_CONFIG="/etc/gdm3/custom.conf" if [[ -f "$GDM_CONFIG" ]]; then     cp "$GDM_CONFIG" "$GDM_CONFIG.bak"     echo "Backup of custom.conf created." else     echo "GDM configuration file not found."     exit 1 fi # Disable Wayland by uncommenting and setting the 'WaylandEnable' option to false sed -i 's/#WaylandEnable=false/WaylandEnable=false/' "$GDM_CONFIG" # Inform the user echo "Wayland has been disabled. The system will use X11 inste...
Read more

throttle traffic on apache

sudo apt install apache2-utils sudo apt install libapache2-mod-evasive vi /etc/apache2/mods-enabled/evasive.conf service apache restart edit it and set values as per below or whatever else you like, the time quantities are seconds     DOSSiteInterval     1     DOSBlockingPeriod   10     #DOSLogDir           "/var/lock/mod_evasive"
Read more