DKIM, SPF, and DMARC are email authentication standards that prevent spoofing and improve email deliverability. This guide configures all three on a Postfix server on Ubuntu 24.04 LTS.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server
- Postfix installed and running
- Access to your domain DNS records
- A user with sudo privileges
Step 1 – Install OpenDKIM
Install the DKIM signing daemon:
sudo apt update
sudo apt install opendkim opendkim-tools -y
Step 2 – Generate DKIM Keys
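Create the key directory and generate the key pair (mail.private is the signing key, mail.txt the DNS record). The -t flag marks the key as test mode (t=y in the record); verifiers must not treat mail signed in test mode differently from unsigned mail, so drop t=y from the published record once signing is verified: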
sudo mkdir -p /etc/opendkim/keys/example.com
sudo opendkim-genkey -t -s mail -d example.com -D /etc/opendkim/keys/example.com/
sudo chown -R opendkim:opendkim /etc/opendkim
Step 3 – Configure OpenDKIM
Edit the main config:
sudo nano /etc/opendkim.conf
Set:
Domain example.com
Selector mail
KeyFile /etc/opendkim/keys/example.com/mail.private
Socket inet:12301@localhost
Step 4 – Connect Postfix to OpenDKIM
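Add to /etc/postfix/main.cf (with milter_default_action = accept, Postfix passes mail through unsigned if OpenDKIM is unreachable instead of deferring it):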
milter_protocol = 6
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
Restart both:
sudo systemctl restart opendkim postfix
Step 5 – Add the DKIM DNS Record
Get the public key:
sudo cat /etc/opendkim/keys/example.com/mail.txt
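Create a TXT DNS record. The file splits the value across several quoted strings inside parentheses; if your DNS provider expects a single value, join the strings and leave out the quotes and parentheses: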
- Name: mail._domainkey.example.com
- Value: the v=DKIM1; k=rsa; p=… string from the file
Step 6 – Add an SPF DNS Record
Create a TXT record at your domain root:
v=spf1 mx ip4:YOUR_SERVER_IP ~all
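This tells receiving servers that only the hosts in your domain's MX records and YOUR_SERVER_IP are authorised to send email for your domain. The ~all qualifier is a soft fail: mail from any other source is marked as suspicious rather than rejected outright by SPF alone.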
Step 7 – Add a DMARC DNS Record
Create a TXT record at _dmarc.example.com, with rua set to the mailbox that should receive aggregate reports:
v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]
Verify all records using an online tool like MXToolbox or mail-tester.com.
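A local check of the three record values from Steps 5 to 7 before they are published, as an added example that is not part of the original guide. The function names, the sample mail.txt content and its dummy key are constructed, and the mail.txt layout is an assumption.

```python
import re

# Constructed sample in the layout opendkim-genkey writes to mail.txt (assumed);
# the p= value encodes dummy bytes, not a real key.
SAMPLE_MAIL_TXT = '''mail._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; t=y; "
\t  "p=AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIj"
\t  "JCUmJygpKissLS4v" )  ; ----- DKIM key mail for example.com
'''

def txt_value(zone_text):
    """Join the quoted chunks of a zone-file TXT record into one DNS value."""
    return "".join(re.findall(r'"([^"]*)"', zone_text))

def tags(record):
    """Parse a 'tag=value; tag=value' list (DKIM and DMARC syntax)."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def check_dkim(zone_text):
    t, problems = tags(txt_value(zone_text)), []
    if t.get("v") != "DKIM1":
        problems.append("v=DKIM1 missing")
    p = t.get("p", "")  # must be clean base64 once the chunks are joined
    if len(p) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", p):
        problems.append("p= empty or not valid base64")
    if "y" in t.get("t", "").split(":"):
        problems.append("t=y test flag still set")
    return problems

def check_spf(record):
    terms, problems = record.split(), []
    if terms[:1] != ["v=spf1"]:
        problems.append("does not start with v=spf1")
    if "YOUR_SERVER_IP" in record:
        problems.append("placeholder YOUR_SERVER_IP not replaced")
    if terms[-1:] not in (["~all"], ["-all"]):
        problems.append("does not end in ~all or -all")
    return problems

def check_dmarc(record):
    t, problems = tags(record), []
    if t.get("v") != "DMARC1":
        problems.append("v=DMARC1 missing")
    if t.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    uris = [u.strip() for u in t.get("rua", "").split(",") if u.strip()]
    if not all(re.fullmatch(r"mailto:[^\s@]+@[^\s@]+", u) for u in uris):
        problems.append("rua= has a URI that is not mailto:user@domain")
    return problems
```

Each function returns a list of problems, empty when the record passes; feed check_dkim the contents of mail.txt and the other two the exact strings you intend to paste into DNS.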
Conclusion
DKIM, SPF, and DMARC are now configured on Ubuntu 24.04 LTS. These three standards significantly improve email deliverability and protect your domain from being used in phishing campaigns.