Enable SPF and DKIM
* Add SPF/DKIM to DNS records.
* Add opendkim to postfix role.

This mostly comes from https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/

#260

Signed-off-by: Ben Kochie <superq@gmail.com>
SuperQ committed Feb 22, 2020
1 parent 83ff12d commit 777b958
Showing 8 changed files with 327 additions and 9 deletions.
9 changes: 6 additions & 3 deletions files/coredns/zones/noisebridge.com
@@ -4,19 +4,22 @@
$TTL 3600

noisebridge.com. IN SOA ns.noisebridge.net. hostmaster.noisebridge.com. (
2018030600 ; Serial
2020022200 ; Serial
3600 ; Refresh
300 ; Retry
604800 ; Expire
300 ) ; Minimum

; name server records
@ IN NS ns.noisebridge.net.
@ IN NS dns.hexapodia.org.
@ IN NS ns1.noisebridge.net.
@ IN NS ns2.noisebridge.net.

; hostnameless access
@ 300 IN A 216.252.162.220
@ 300 IN AAAA 2602:ff06:725:5:dc::1337

; SPF
@ 86400 IN TXT "v=spf1 redirect=spf.noisebridge.net"

; aliases
www 300 IN CNAME m3.noisebridge.net.
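Review bot: The NS lines in this section change between the `ns.noisebridge.net` / `dns.hexapodia.org` pair and the `ns1.noisebridge.net` / `ns2.noisebridge.net` pair, yet the commit message mentions only SPF and DKIM, and the unchanged SOA line still names `ns.noisebridge.net` as primary. Assuming the page prints old lines before new ones, the zone would now advertise ns1/ns2 while the SOA MNAME points at a server outside the NS set. It is worth confirming that this is intended and that the registrar delegation matches, because resolvers need a consistent NS set to find the new SPF TXT record. A comment such as `; NS set changed 2020-02-22, keep in sync with registrar delegation` would document it. The same change appears in files/coredns/zones/noisebridge.org.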
13 changes: 12 additions & 1 deletion files/coredns/zones/noisebridge.net
@@ -4,7 +4,7 @@
$TTL 3600

noisebridge.net. IN SOA ns1.noisebridge.net. hostmaster.noisebridge.net. (
2019061900 ; Serial
2020022200 ; Serial
3600 ; Refresh
300 ; Retry
604800 ; Expire
@@ -18,6 +18,16 @@ noisebridge.net. IN SOA ns1.noisebridge.net. hostmaster.noisebri
@ 300 IN A 216.252.162.220
@ 300 IN AAAA 2602:ff06:725:5:dc::1337

; SPF
@ 86400 IN TXT "v=spf1 redirect=spf.noisebridge.net"
spf 86400 IN TXT "v=spf1 mx a:lists.noisebridge.net a:m3.noisebridge.net a:m4.noisebridge.net a:m5.noiesbridge.net a:m6.noisebridge.net ~all"

; DKIM key mail for noisebridge.net
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; t=y; "
"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwQ/A9wWjtaZlyqJOkmFLZd/eFzqWotOJ7AScqa9IAyUk1SH9TYZWPXfR0IHGMhswXfT0VZhopTKusPu09V385k6DMYmBys4QJaOgHCKZ5/13EUYR2M3WArAZbudzXzy6uZBh+FFuv5BuPVRd7elVeqDK0ZBHX90kpV8f1mAQANRBRSYJ0RctwcJzq88iRvGi2Csxemuk1VTXRC"
"UEWzpJOZL1oG80KhOfHRkFUdsgY+SYmQMKjaDMThCDLvh6718tbssSfUI8YPKbsGlNNleXpoIZZ4MCJ0TfbRTXmSqOyHh6XTLGPIVI2qajqiLEcBj0biwO0TF0bV7pLodlRfWZRiaRp3ATMBiDY/Zo68RlmuxqOrxrweN/JMS0kALoVAs3vVFhrH2CTu9zwZf5blVUfvs80+CxWorQOdV7Vjp1K+6JukH0vuMCK72L4W7AGbK76QQFKcG1"
"CS+EEgiBMBr98i64wKPeqPpGT6Bj5AKR14oPYRFwW0JbZGMpwX+FOmqT9X8BfnhH7b2Y7q25y/r94OdvmBxyabZBu4S+BaYRFN04B6+LpzPgD5YfVn3BMVoBlctjL6NIHhacRnnGsQRkrqTB43slGpM40gDUe1+3R3NpkHl3p59q/6RPafX9fwi9Vcvp+oxjFNXqaAdXdOr04zUbmJcgzzbOF9u2rtqcBI8CAwEAAQ==" )

; name servers
ns 86400 IN A 216.252.162.220 ; m3 in iocoop SCL
ns 86400 IN AAAA 2602:ff06:725:5:dc::1337 ; m3 in iocoop SCL
@@ -32,6 +42,7 @@ noisebridge.net. 300 IN MX 10 m3.noisebridge.net.
; aliases
www 300 IN CNAME m3.noisebridge.net.
lists 300 IN CNAME m3.noisebridge.net.
lists 86400 IN TXT "v=spf1 redirect=spf.noisebridge.net"

; Primary hosting servers.
m2 IN A 204.246.122.84 ; Old iocoop MSP VPS
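Review bot: The `spf` TXT record contains `a:m5.noiesbridge.net`, which looks like a misspelling of `noisebridge.net`; every other mechanism in the record uses the correct domain. An `a:` mechanism authorises whatever addresses that name resolves to, so the misspelling leaves m5 unauthorised and gives sending authority to whoever controls the misspelled name. This affects all three zones, because the .com and .org apex records and `lists` redirect here. The mechanism should read `a:m5.noisebridge.net`. Separately, the DKIM record carries `t=y` (testing mode), so a follow-up to drop it once signing is verified would be worth tracking.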
9 changes: 6 additions & 3 deletions files/coredns/zones/noisebridge.org
@@ -4,19 +4,22 @@
$TTL 3600

noisebridge.org. IN SOA ns.noisebridge.net. hostmaster.noisebridge.org. (
2018030600 ; Serial
2020022200 ; Serial
3600 ; Refresh
300 ; Retry
604800 ; Expire
300 ) ; Minimum

; name server records
@ IN NS ns.noisebridge.net.
@ IN NS dns.hexapodia.org.
@ IN NS ns1.noisebridge.net.
@ IN NS ns2.noisebridge.net.

; hostnameless access
@ 300 IN A 216.252.162.220
@ 300 IN AAAA 2602:ff06:725:5:dc::1337

; SPF
@ 86400 IN TXT "v=spf1 redirect=spf.noisebridge.net"

; aliases
www 300 IN CNAME m3.noisebridge.net.
167 changes: 167 additions & 0 deletions files/postfix/dkim.key
@@ -0,0 +1,167 @@
$ANSIBLE_VAULT;1.1;AES256
36363834333335363130386462323438396665633865396534623330396533373336386164646430
3764306432313638366465613834326634656138636436610a343861346533303032363935366239
32343639626561346534316135353562663465333936613166333266653938326438366334636530
6635366363393964340a303661633933646439323761323662303766626366623631366535316438
64623337343631613361663937613262353263356336386465356432333235353564353930356431
63386332316265623565663834376130626636666533353032623839623930323538313635323435
61393136306335343739633232346363363032643833346561663335353532383333656366666635
39626338653630306164303036353933643930373834313134623539653731383563313530346264
30343734653430346230386630363030336264333462663462643436363239363339653465663733
32646631663431386232623137356635623232613730373837646364303066663138343239306465
64646331366563656663653866346264643663613331396136383438356337343133363834326136
35653836653763326231643437383066626438386461313162373064653532393234623731623336
62356362346537333538616532353339303161333231653363326663636663633638613435383264
64383364366533626261373731313361626562666230383536633233316637616361623562306261
30353263653730366533613839316337636339313936616566343635303463383663373162363035
35366434626136396332326436316632366634643036613366376566363265346433316363323637
65393063633861636561373634613438636534356634336130646264306330343232373264663961
66376533316335623963343366663731303935313638363364356465333361366665643163353932
62663137613830343532633462373664383033643539326330366332363462393863336632323939
34383563656432643765653766313166386566656338643735636266326135643730336363323030
33383535643262646561663661336331343539613036633539393439346130643663643663373930
65383239653865326337663066323666363063653962306637373039613335613432396262313334
61353637393632313030666565623631626331656238373830646537653561323562303236636530
39383766626133356465373865623164303937353762633464353938643938393132386530636466
34623631363364356637373432303330633230613830623938353366386430303431663635313965
33356235356661616461373233346439613338313534626361343566316638353761303831653866
39383161343065663332326636623062316162333433353934643061396331353233346666393034
30306331303862333333303265393737656136306437373732303337373937353865656535316166
32643331303032663135646234306332393730633438633165653261616166383536343336363531
35333263353731313432303335333033613363396663313530656164336135336531333163386339
66613036633739316434386166313334343731623934633338333761353363633661326164643632
34623736646566336131363032306561373164653737356335393132613733353963356130303466
34303037333030626136386564636434656666626439633533333036303362636236316538363863
62626435633630363361666233353534656136316236636636653732363733316134623332373832
62623365393130306664636561396334663363323335326131393265303237313064613032393236
35663737623262393937656630623066373939376234356331633931656536353837356461323863
64376230326666383137656664316434613262356665376536643938646163363439303462316533
37613936383633313361666334366432306434313162326262626536353561646533643439663332
35316430616266363134383563373132623031383433616138353464643063646462363164353763
31633433363261653036613038346463303761626163323662363463353332343764613665666537
34323661306438353031656437613164646635333435356266616634663134663331323831666133
31326633343030346431333762343162623934643135323765326339363839373763333231313037
31333734366163383135623661336431663236633639306665613564663935643461623162383832
63616466303036373039303132616338653934343137656638656332363261633666313265356537
30633665373462666133613430373132353236663035353838303933616666303563343230636661
64346137323232313236356662313563343834666137313334376232363463663232373838393735
37393635633336386635353337336333346564646266633239386664633937333565643862353031
64666362306337313138346166373235663061303236323262313037373864383261333361323030
63323732353736623664313262323462623639366663646633626339353030636433333661356364
61393438343065613662636331383861393662363462663564643638326635303736363061343866
62666163666536663963616639363531626664373064343933636439646465313038363737333632
63313937666663656437366364303139386363373235643761343430373233643866343239383934
33366662333235323831653134396163613935303934303839633661383965393931356638323631
31633339373966656361363866386161616336663064383435343733313936306662393135666430
61376133323630313033646439363435646461393338316361633863306435623662383238353835
33616135316632306236346534383737313666313939383536393736356165646264616334303364
39663033323031646638343765376366323935646136336361383261336131393863383966373963
32626638386134386463303139663466636537333263663165653036613136316433373165613865
63643761383163653339626436336161653732373861356532366230306363633634653139313864
36623662363331643230323162633237313634343930636430313137356665346661323038353432
66323266383930393539383663386661613139353539353636316466393065343735343361643237
63653837616531346139636333623362386638343562303064396637663361316633343064383662
65393934636464646566643037666161643233373961323234343330333962663163346138393133
63363434383063366536386436373730303464626363636566643833653035613066313162363333
61646537356434323033323530356135333830646533353438376439313761626532316363353237
65313230396461356463343034326133333261366431633134643430393639633930346336656237
39643232323762613635303838393130353864626138323936326563323533313966656139643738
32306335303066666463336138643361666536336630616536386232393533623538663765633333
65303363636531333838336564383737633039333631306138666632393339623133636162393239
66316430386564393265356461313938613037343533363364633538666363316532376633643135
64623063323537323633633331386539316639356361666364306164616665333462353335643836
35383332373665303035323866626163343066363337303962616266313232333234363333653434
32656136623266336464633830616234303865343830376364613631616537323039663164363730
36643765323235363733383461343237626265623064353239303137663962636562326239326636
33356261626132383635666661656266336436373863336365643332306231363736333964303735
65663837343236633163626463623637396464323462303031346137313637626233616661346430
32353764393737393937323630366465643435633031303238316339353933663666633365333966
64633335613062356464646161623631643864363561376335303934653864366230653633303566
31653865343037346333366463396633643231656530326262333363343637643936316130323463
38313366376337643138383362316634613731663466353634313934666565386535363932633336
38613462326334363333326638383839656539663965643133303063363664666536393939633336
64376131653330353661356333313332623231336164666465656130613734656330663733306433
63373933306264613564333534313966613239666436323934613662383630616236663333333730
38303562326161613238346663623237316265666430616231303332366635636462303462313462
34336432396237616563386236643461323735626439646565393234343361303166313766326531
30323139353438353465316462303730376231363238356333616230653534636239353036616531
30633065383532303561323966353936386638633136323662316335313335333439366561393439
35653266623339613639653638356131303263316463636337616131353437396535633237353633
36666464626538323934616562643032366163386537323832613565623432373966343738383332
66356335613733383537646163313335356461656465653631393761613430383638613535643466
66323732393464346534666461653964343562333735653361313935313463376338353431613433
37636261333937363337626332343439636635336332363632346231633930656435326566303965
66663563623835393932383335656433643564393265663930316363393330626538626138623762
30333163303531663932343263386532646461616161323531373339623939393331343032626133
63346632656266653537366163656262373934616436386138646164393565353338316565323434
66393561633532363730656332633365623532323265656364313365353238663138346537616261
38326435653134356661663262303465666366306564643137633063356430303962313638303962
30303266656230333934656630646166643065313733633438393436396362636530353666633032
39313436663731343934353938376233636233343132666330636638383735643163653638386138
66333833393562323838303231636139613862353830356361663134646132653739653330653737
34633465366538643238333038656230386135396334333033616238616335656331326131383037
62386563363839383932396639363639346530323930643438333338636461646633313233666432
61346238343437623964323032383236646133356465333239353136656232613538623236636333
62663665636366626366326431336363646538623366376362303665616364353739383762636339
35623133646432316662353562346362373833323432616365303866376465316661643166366366
65623864323361313664643461396634356566626661643366616361303166393935393536333962
64613536393630396430633838386135633466333862643465383132373061653338393962333333
34333637316164346334613135306534363765363436383163363365366264613565393462303266
35666130396331333233353165663563306236343531663539653735376137376564343933663830
38343765306166376138353736313936366262613963663538366462346636336436613661326265
35356430623136613664633664626235623164303263633333376464343431373530663933326534
61343862393463323964613336656334663262383366666564343139363163613933626233336432
65343534336666623562616265376531343434636338636535326132316539383134613332393535
33633930346438646132313239656535383730663964633631313530666238386633633563333635
31373638616365306138326661393337383334396163386136393239316633333134666466306338
37363564306366393439643562313436323963636632623539383135633530613438343566383665
64633163616466353964636238653030346562336366363532303565373938353435633766616333
62393633666138623834313939663065646132643764343232373663323836393962656661646333
38363733323436333765656630393364396464343635643066653238353033626262633034643231
30366638373031306465376436386261306635356464646338613130636634346339343437623534
39356139323966326264373838376661373065633432306634633532353566663466343633613834
34323438353238306666393735636334653266303030653566363365306665636433626235666461
65383663313434393132643838363539333435393763356633363836323666333533376335346134
36343034376135633063303962623935616536373239306331613035303661383761396265663736
64386662633431363134336265643463383062373330313266643436386334363466333038663461
63383834653132363663393035626430366130633634316439366365646464323434623333303730
66316638623536616366663337383235363432306632346465303863313763646465323034323036
62323638323930356362373339333637643565623735353637343065336131663363633933613936
66336232333733313865323962313334643834333564613864316133626461353665393935386438
65623166303165333733653239393233393230653534346533333164303032666639386230653066
37386562393362313435323864623930613030366138353439306231396437303638383465333664
38626365386563613834386534373437323663326137646236343633653439306137613165393864
32653338306230633564653462323264376138623763653737623331396531393438636537396666
64366164356465663161626663646538653831353530653336613331643863316130313361633730
34613137633761636161623239653932383135373435303338393234353337343465383863646132
34653562343564616630393839363931356363316333663830633331633230363266336665343737
32653939663635646133373361613065656665616632313637303338323961363731636361396135
30633034366639663665663261663430643635656134353538333135626163376462343661313565
33626266386130633164353264306539333030363231656631373231363832353062303131373738
65393732336566336435366330303633386336646561323661393631303137633166363533663436
34323534393139343331623364653836613937303636323832356465303666663865313439333534
39303435643233613035336364613039663839633636613666356438613935333138313266343633
36666136373631313734326264656635353336306562363563343439333037663737303138356536
66326665316232396232376334383866356337626132363732363530323437633235376162393038
38343532333831336532363037636262373937356238336134356139343266396639656137323636
66643236356138333131363239303836383165396435643535663964353930346133653837616239
63363862633063623166613234336266316166656462303335333832323637626362333732666166
65663633306565653931346564343263623936626633376163373437346563373664383430613164
31633762613731326232323034346165366234376335343136393366373865663639383262393265
34633831663836666633393138626133343834306338613964303664366333306335363765343935
34633231303633396364306363346664653038616464363737396635376562383966323561626464
37343435633531383534323566383538653738393739383037613163346663393037653765346330
31333630366465393031393334386261363539653262663963393265363861363434363033653332
35333137303837663233326261653434633834326262663665306431363761316136363036376466
30303064633062333639626662383535323736643333353962633162386639346132626436373663
66323730316531356531613234313232306130653238313232366233386634383832363631326537
33323363393739646639323537616231313937363166393634653734373737653931623865373137
30323439313364396438646161303063316263346538306135316534353634303730363038653533
34643433353534353439303630633637306438663134616566353637383861356237333765303661
36336234393465306661366666333636383563616532633032396361343735316662373636343534
30633234363336666639653561623034663966623831616336343839333563323432653862656538
33646363303662626166646162386566343538353766653862346665323761373636326632303134
38663033646238663362303963333533626663343661623333343633633765666536366463363931
35633130333937633964333462356536633561623562336231336131353537313432373931653964
65396633313137643265646266633133303130323366643733393462346564386239316138326331
3866343132363136353862636232343635653834323635623261
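--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@@ -1,9 +1,18 @@
 ---
+- name: restart opendkim
+systemd:
+name: opendkim
+state: restarted
+
 - name: restart postfix
-service: name=postfix state=restarted
+systemd:
+name: postfix
+state: restarted
 
 - name: restart postgrey
-service: name=postgrey state=restarted
+systemd:
+name: postgrey
+state: restarted
 
 - name: reload-aliases
 command: /usr/bin/newaliases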
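--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -8,6 +8,8 @@
 - postfix-pcre
 - postgrey
 - procmail
+- opendkim
+- opendkim-tools
 tags:
 - postfix
 - mail
@@ -93,6 +95,41 @@
 notify:
 - restart postfix
 
+- name: setup opendkim postfix socket dir
+file:
+path: /var/spool/postfix/opendkim
+state: directory
+owner: opendkim
+group: postfix
+mode: 0755
+
+- name: configure opendkim socket
+lineinfile:
+dest: /etc/default/opendkim
+regexp: "^SOCKET="
+line: 'SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"'
+state: present
+notify:
+- restart opendkim
+
+- name: copy dkim key
+copy:
+src: postfix/dkim.key
+dest: /etc/dkimkeys/dkim.key
+owner: opendkim
+group: opendkim
+mode: 0400
+notify:
+- restart opendkim
+
+- name: add postfix user to opedkim group
+user:
+name: postfix
+groups: opendkim
+append: yes
+notify:
+- restart postfix
+
 - name: configure secure submission port
 replace:
 regexp: "^#submission .*"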
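Review bot: The `copy dkim key` task decrypts a vaulted private key onto the host but sets neither `no_log: true` nor `diff: no`, so a run with `--diff` or raised verbosity may print the DKIM private key into terminal or CI logs; adding `no_log: true` to that task avoids this. The socket directory is created with `mode: 0755`, although only `opendkim` and the `postfix` group appear to need it, so `mode: "0750"` would likely be enough. Quoting the modes as strings (`"0400"`, `"0750"`) also avoids depending on YAML octal parsing. The task name `add postfix user to opedkim group` has a typo and should read `opendkim`.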
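--- a/roles/postfix/templates/main.cf
+++ b/roles/postfix/templates/main.cf
@@ -1,3 +1,4 @@
+{{ ansible_managed | comment }}
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 
 # Debian specific: Specifying a file name will cause the first
@@ -88,3 +89,9 @@ message_size_limit = 100000000
 
 # SuperQ (2013-03-20): Reduce default process pools from default of 100
 default_process_limit = 50
+
+# DKIM setup
+milter_default_action = accept
+milter_protocol = 6
+smtpd_milters = local:opendkim/opendkim.sock
+non_smtpd_milters = local:opendkim/opendkim.sock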
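Review bot: `milter_default_action = accept` makes the milter fail open: if opendkim is stopped or the socket at `opendkim/opendkim.sock` is missing, Postfix still delivers the mail, unsigned, with only a log warning. That is a defensible availability choice, but the file should say so, e.g. `# accept = fail open: mail goes out unsigned if opendkim is unreachable; alert on milter connect warnings`. It should also be paired with monitoring, so a silent loss of signing is noticed once receivers rely on the published DKIM key. The socket path is relative to the Postfix queue directory, which matches the `/var/spool/postfix/opendkim` directory created in roles/postfix/tasks/main.yml.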