Setup Smtp Server in Ubuntu Server

Here’s a guide to set up Postfix as an SMTP server that only allows local connections (from Docker containers and the local host). We’ll also set up OpenDKIM for DKIM signatures.

Setup

Set some variables

1
2
3
4
5
6
export MAIL_HOSTNAME=__domain_name__

# format: {machine-name}_{sequence number}_{comment or subdomain}
# if no comment or subdomain, leave empty, like below
# sequence number is used to avoid conflict with other postfix instances on the same machine
export DKIM_SELECTOR=server01_01_

Install necessary packages

1
sudo apt update && sudo apt install -y postfix opendkim opendkim-tools

During the Postfix installation process, choose the following options:

General type of mail configuration: Internet Site
System mail name: {MAIL_HOSTNAME you just set}

Change IPs allowed to connect to Postfix

Edit /etc/postfix/main.cf:

1
sudo vi /etc/postfix/main.cf

Allow private IPs to connect, this will also allow Docker containers (which IPs are 172.x.x.x) to connect:

1
2
3
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12
inet_interfaces = all
inet_protocols = all

Configure OpenDKIM

Create the DKIM keys directory:

1
sudo mkdir -p /etc/opendkim/keys/${MAIL_HOSTNAME}

Generate the DKIM keys: (If you need multiple mail server on different machines using same domain, remember change ‘default’ to other text on other machine, or you will encounter problem setting DNS record)

1
sudo opendkim-genkey -b 2048 -d ${MAIL_HOSTNAME} -D /etc/opendkim/keys/${MAIL_HOSTNAME} -s ${DKIM_SELECTOR} -v

Set permissions:

1
2
sudo chown -R opendkim:opendkim /etc/opendkim
sudo chmod go-rw /etc/opendkim/keys/${MAIL_HOSTNAME}/${DKIM_SELECTOR}.private

Edit /etc/opendkim.conf:

1
sudo vi /etc/opendkim.conf

Add or modify the following lines:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
Domain                  {paste the $MAIL_HOSTNAME you just set}
KeyFile                 /etc/opendkim/keys/{$MAIL_HOSTNAME you just set}/{paste the $DKIM_SELECTOR you just set}.private
Selector                {paste the $DKIM_SELECTOR you just set}
AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Canonicalization        relaxed/simple
InternalHosts           192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
Mode                    sv
Socket                  inet:12301@localhost
PidFile                 /run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim

Integrate OpenDKIM with Postfix

Edit /etc/postfix/main.cf:

1
sudo vi /etc/postfix/main.cf

Add or modify the following lines:

1
2
3
4
5
# For OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Add SPF record to DNS

SPF is set up as a DNS TXT record. To set up SPF for your domain, you’d add a TXT record like:

1
v=spf1 a mx ip4:<your_server_IP> -all

To allow some server:

1
v=spf1 a:your.domain.com -all

Screenshot of SPF record in GoDaddy DNS settings:

Restart services

1
sudo systemctl restart opendkim && sudo systemctl restart postfix

Publish your DKIM public key

The public key generated by OpenDKIM needs to be added to your domain’s DNS as a TXT record. Check the content of the file /etc/opendkim/keys/${MAIL_HOSTNAME}/${DKIM_SELECTOR}.txt and add it as a TXT record in your DNS settings.

[!NOTE] Some personal experience the screenshot above shows the content of /etc/opendkim/keys/${MAIL_HOSTNAME}/${DKIM_SELECTOR}.txt, but it’s not clear how to add it to DNS settings. solution: remove the double quote (") around the content, and paste it into GoDaddy DNS settings.

Screenshot of DKIM public key in GoDaddy DNS settings, notice no double quotes:

Test configuration

Remember to set proper “From: " address, or you will fail DKIM and SPF test by Gmail.

1
2
sudo apt install mailutils
echo "This is a test email from ${MAIL_HOSTNAME}" | mail -s "Test Email" -a "From: noreply@${MAIL_HOSTNAME}" recipient@example.com

How to set up multiple DKIM domains

I have a domain a.com, but I want to set up a second domain b.com with the same DKIM keys. Here’s how to do it:

Generate DKIM Keys for Both Domains

If you followed the steps in the previous answer, you have already generated keys for a.com. Now you need to generate keys for b.com.

a. Create the DKIM keys directory for b.com:

1
sudo mkdir -p /etc/opendkim/keys/b.com

b. Generate the DKIM keys for b.com:

1
sudo opendkim-genkey -b 2048 -d b.com -D /etc/opendkim/keys/b.com -s server01_01_ -v

c. Set permissions:

1
2
sudo chown -R opendkim:opendkim /etc/opendkim/keys/b.com
sudo chmod go-rw /etc/opendkim/keys/b.com/server01_01_.private

Update OpenDKIM Settings

a. Modify /etc/opendkim.conf:

1
sudo vi /etc/opendkim.conf

Change the Domain and KeyFile lines to:

1
2
Domain                  *
KeyFile                 /etc/opendkim/keys/%d/server01_01_.private

This configuration allows OpenDKIM to dynamically select the correct key based on the domain of the outgoing email.

KeyTable and SigningTable Configuration

Add KeyTable and SigningTable configurations to OpenDKIM:

a. Modify /etc/opendkim.conf and add:

1
2
KeyTable           refile:/etc/opendkim/KeyTable
SigningTable       refile:/etc/opendkim/SigningTable

b. Create KeyTable:

1
sudo vi /etc/opendkim/KeyTable

Add:

1
2
a.com:default:/etc/opendkim/keys/a.com/server01_01_.private
b.com:default:/etc/opendkim/keys/b.com/server01_01_.private

c. Create SigningTable:

1
sudo vi /etc/opendkim/SigningTable