Adde snippits

Linux/SetupDkimPostfix.md

@@ -0,0 +1,92 @@
+# Setup postfix to add DKIM Signature to mails send by system
+
+## Prerequisites
+* Postfix (configured using Web-V2 if possible)
+
+## Setup
+```
+apt install opendkim opendkim-tools -y
+adduser postfix opendkim
+sudo --user opendkim mkdir /etc/opendkim/keys/<DOMAINNAME>
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim/keys/<DOMAINNAME> -d <DOMAINNAME> -s vps
+chown opendkim:opendkim /etc/opendkim/keys -R
+mkdir /var/spool/postfix/opendkim
+sudo chown opendkim:postfix /var/spool/postfix/opendkim
+```
+
+## Configuration
+### File: /etc/default/opendkim REPLACE
+Replace existing `RUNDIR` with the following
+```
+RUNDIR=/var/spool/postfix/var/run/opendkim
+```
+### File:/etc/opendkim.conf 
+Add the following to the file
+```
+Canonicalization        relaxed/simple
+KeyTable                refile:/etc/opendkim/KeyTable
+SigningTable            refile:/etc/opendkim/SigningTable
+ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
+InternalHosts           refile:/etc/opendkim/TrustedHosts
+```
+
+### File: /etc/opendkim/TrustedHosts
+Add the following to the file
+```
+127.0.0.1
+::1
+localhost
+<EXT SERVER IP>
+<HOSTNAME>
+<DOMAINNAME>
+```
+
+### File: /etc/opendkim/KeyTable
+Add the following to the file
+```
+vps._domainkey.<DOMAINNAME> <DOMAINNAME>:vps:/etc/opendkim/keys/<DOMAINNAME>/vps.private
+```
+
+### File: /etc/opendkim/SigningTable
+Add the following to the file
+```
+*@<DOMAINNAME> vps._domainkey.<DOMAINNAME>
+```
+
+### File: /etc/postfix
+Add the following to the file
+```
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+```
+
+## Reload and restart services
+```
+bash /lib/opendkim/opendkim.service.generate
+systemctl daemon-reload
+systemctl restart opendkim postfix
+```
+
+## DNS
+### SPF on host name
+###SPF on Domain
+### Key on Domain
+Get public key `cat /etc/opendkim/keys/<DOMAINNAME>/vps.txt`  
+Output example:  
+
+```
+#Record Name     Record Type  
+#   V                  V
+vps._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; s=email; "
+	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6P"
+	  "w6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB" )  ; ----- DKIM key vps for Test.com
+```
+Warning: the key is spit in two parts, combine these in to one (as shown below)
+
+Create a dns record as vps._domainkey with folling content  
+Example:
+```
+v=DKIM1;h=sha256;k=rsa;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6Pw6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB;
+```