In this section, we are going to set up a Postfix SMTP mail server to be used as a relay host for sending email to the outside world. In this setup, the server doesn’t receive any emails; it only sends emails to outside users, so we don’t need to set up an MX record for the email server. At the same time, we have to set up PTR, SPF, and DKIM records to prevent our emails from being classified as spam.

SPF (Sender Policy Framework) is a system that identifies to mail servers what hosts are allowed to send email for a given domain.

DKIM (DomainKeys Identified Mail) is a system that lets your official mail servers add a signature to headers of outgoing email and identifies your domain’s public key so other mail servers can verify the signature. As with SPF, DKIM helps keep your mail from being considered spam.

Here I have used the domain “”, which has a DNS “A” record for my email server IP.

The email log below indicates that your Postfix mail server is not authorized to send email for that domain and that its messages don’t have signed headers.

** example of bounce maillog **

Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 to review our Bulk Email 421 4.7.0 Senders Guidelines. kh8si41079434wjb.218 – gsmtp (in reply to end of DATA command)

Install Postfix

1) Install postfix using apt-get.
$ apt-get install postfix

2) Configure hostname and mynetworks in /etc/postfix/ file
$ vim /etc/postfix/

myhostname =
mydestination = $myhostname, localhost.$myhostname, localhost
myorigin = /etc/mailname

3) Since this is a relay host server, configure the network range of the hosts it should accept emails from.
mynetworks = [::ffff:]/104 [::1]/128

4) Add the origin domain name, which is used to replace the hostname in the From address of system root emails.
$ vim /etc/mailname

Install DKIM

$ sudo apt-get install opendkim opendkim-tools

Generate DKIM record

DKIM is based on asymmetric cryptography. Basically, we will generate a pair of public/private keys on your server and publish the public key on your DNS records.

You can create the DKIM record online using any one of the sites listed below.
While creating the DKIM record, give any string as the selector; it will be used later in the server configuration and the DNS record.

Save your private key on the postfix server.
$ mkdir -p /etc/opendkim

$ vim /etc/opendkim/

$ chmod 700 /etc/opendkim/

$ chown -R opendkim:opendkim /etc/opendkim/

Configure DKIM

1) $ sudo vim /etc/opendkim.conf

AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Mode sv
PidFile /var/run/opendkim/
Socket inet:8891@localhost
SyslogSuccess Yes
LogWhy Yes
TemporaryDirectory /var/tmp

2) Next, add the key to /etc/opendkim/KeyTable

$ vim /etc/opendkim/KeyTable

3) Specify which domains' emails are to be signed

$ vim /etc/opendkim/SigningTable


4) Enter the domains, hostnames or IP addresses whose emails are allowed to have their headers signed. Here I have whitelisted all the IP addresses, because I can control the trusted hosts using the mynetworks variable in the /etc/postfix/ file.

$ vim /etc/opendkim/TrustedHosts

5) Configure the opendkim socket in the /etc/default/opendkim file

$ vim /etc/default/opendkim


6) Connect this to Postfix by appending the following block to /etc/postfix/

$ vim /etc/postfix/

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

DNS Setup

1. Set up the SPF TXT record for IN TXT "v=spf1 a mx ip4: ~all"

2. DKIM TXT record for IN TXT "v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC375RlqjIbyUmLmGhRQn82/jdFbYAdYqhDTqydf2VgaKjaVjLtQ8cBpCYZx8lYaQsKFtHFhLAm4CCMAwUtkl7kh38pz2qlg/FQotZ3HOfbzn5twr2Uz8w1RwGWF0opdEHYu5Pg31lr++tbnqjjrQqzpV7e7jS42p34K41vPjnYBQIDAQAB"
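
As an added example (not part of the original post), the Python below parses the DKIM TXT value from the DNS Setup step and reports the RSA key size, since RFC 8301 says signers should use keys of at least 2048 bits. The function names and the default threshold are choices of this example.

```python
import base64

# DKIM TXT value from the DNS Setup step on this page, split only for line length.
PAGE_RECORD = ("v=DKIM1;p="
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC375RlqjIbyUmLmGhRQn82/jdFbYAdYq"
    "hDTqydf2VgaKjaVjLtQ8cBpCYZx8lYaQsKFtHFhLAm4CCMAwUtkl7kh38pz2qlg/FQotZ3"
    "HOfbzn5twr2Uz8w1RwGWF0opdEHYu5Pg31lr++tbnqjjrQqzpV7e7jS42p34K41vPjnYBQIDAQAB")

def parse_tags(record):
    """Split a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki_der):
    """Walk SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey -> modulus."""
    _, spki, _ = read_tlv(spki_der, 0)        # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)             # AlgorithmIdentifier, skipped
    tag, bitstr, _ = read_tlv(spki, pos)      # BIT STRING wrapping the key
    _, rsakey, _ = read_tlv(bitstr[1:], 0)    # skip the unused-bits byte
    tag2, modulus, _ = read_tlv(rsakey, 0)    # INTEGER n
    if (tag, tag2) != (0x03, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim_record(record, min_bits=2048):
    """Return a list of findings for a DKIM key record; empty means OK."""
    tags = parse_tags(record)
    if tags.get("k", "rsa") != "rsa":
        return ["non-RSA key, size check skipped"]
    if not tags.get("p"):
        return ["empty or missing p= tag"]
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return ["p= is not a valid base64 RSA public key"]
    return [f"RSA key is {bits} bits, below {min_bits}"] if bits < min_bits else []
```

Running audit_dkim_record(PAGE_RECORD) flags the key shown above as 1024-bit; a record generated with a 2048-bit key returns an empty list.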

Setup a Postfix SMTP server which only allows specific recipient domains:

1) Open /etc/postfix/ & add below line at the end of the file.

transport_maps = hash:/etc/postfix/transport

2) Create /etc/postfix/transport file & insert the line specifying which domain should be allowed as below: :

3) Now create a hash of the transport file

$ postmap /etc/postfix/transport

Restart services

$ service opendkim restart

$ service postfix restart

Verify DKIM record

After configuring the DKIM record, verify the DNS record using the below link.

Verify your private key against the DKIM record using the below command on the postfix mail server

$ opendkim-testkey -d -s mail -k /etc/opendkim/ -vvvv

Test and verify your email

Get your email configuration rating using the mail tester site.

Send one email from any one of the mail hosts to the email address which is listed on the above site.

$ echo "Test mail" | mail -s "test mail" -S smtp="" -r

Also, you can verify your email details on the mail server.

$ postcat -qv

ex. postcat -qa A3EDE40E09AF
