Tag Archives: smtp
Install SRSd with Postfix on OpenSUSE

Postfix Sender Rewriting Scheme(SRS) daemon
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
zypper install postsrsd vi /etc/default/postsrsd SRS_DOMAIN=xxx.com vi /etc/postfix/main.cf inet_interfaces = all inet_protocols = ipv4 myhostname = smtp.xxx.com mynetworks_style = subnet mynetworks = 10.3.0.0/16, 192.168.1.0/24 relay_domains = $mydestination, hash:/etc/postfix/relay virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtual # Aiden: PostSRSd settings. sender_canonical_maps = tcp:localhost:10001 sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:localhost:10002 recipient_canonical_classes= envelope_recipient,header_recipient # Aiden: Optimizing maximal_queue_lifetime = 1d bounce_queue_lifetime = 1d maximal_backoff_time = 30m minimal_backoff_time = 5m queue_run_delay = 5m vi /etc/postfix/virtual @sss.com webmaster@company.com alert@ttt.com aiden@company.com,tom@company.com owner@ttt.com jane@company.com vi /etc/postfix/relay xxx.com OK sss.com OK ttt.com OK systemctl restart postsrsd systemctl restart postfix |
Install DKIMproxy on OpenSUSE

1. Install requirements
1 |
zypper install dkimproxy |
2. Create keys
1 2 3 4 5 |
cd /usr/share/dkimproxy/etc openssl genrsa -out dkim-private.key 1024 openssl rsa -in dkim-private.key -pubout -out dkim-public.key chown dkim dkim-private.key chmod 400 dkim-private.key |
3. Configuration file
1 2 3 4 5 6 7 8 9 10 |
cp dkimproxy_in.conf.example dkimproxy_in.conf cp dkimproxy_out.conf.example dkimproxy_out.conf vi dkimproxy_out.conf # add your domain of sender ... domain domain1.com,domain2.com # locate private-key file ... keyfile /usr/share/dkimproxy/etc/dkim-private.key # define selector of DNS record ... selector default |
4. Setting up postfix
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
vi /etc/postfix/master.cf: # # modify the default submission service to specify a content filter # and restrict it to local clients and SASL authenticated clients only # submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=yes -o content_filter=dksign:[127.0.0.1]:10027 -o receive_override_options=no_address_mappings -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject # # specify the location of the DKIM signing proxy # Note: we allow "4" simultaneous deliveries here; high-volume sites may # want a number higher than 4. # Note: the smtp_discard_ehlo_keywords option requires Postfix 2.2 or # better. Leave it off if your version does not support it. # dksign unix - - n - 4 smtp -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime,starttls # # service for accepting messages FROM the DKIM signing proxy # 127.0.0.1:10028 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 |
5. Restart services
1 2 3 |
chkconfig --add dkimproxy systemctl restart dkimproxy.service systemctl restart postfix.service |
6. Add DNS record (sender’s domain)
1 2 3 4 5 6 7 8 9 |
# add your public-key to p= ... default._domainkey IN TXT "v=DKIM1; k=rsa; g=*; t=s; p=MHwwDQYJK ... OprwIDAQAB" # if error in bind, split key like below ... default._domainkey IN TXT ("v=DKIM1; k=rsa; g=*; t=s; p=" "MHwwDQYJKasdE324asAHTDFDSADDAFGffdsdASDsasdOprwIDAQAB" "ADDAFGffdsdASDsasdOprwIDAQABMHwwDQYJKasdE324asAHTDFDS" .............. "AHTDFDSADDAFGffdsdASDsasdOprwIMHwwDQYJKasdE324asDAQAB") |
♦ References http://dkimproxy.sourceforge.net/usage.html