-
- Getting Started
- Git and File-System Layout (non-default setup)
- Version Constraints
- Managing Themes and Plugins (for entire WordPress site)
- Updating Themes and Plugins (for entire WordPress site)
- Adding Composer Support to Your Own Themes and Plugins (for developers)
- Using Composer to Manage Own Theme/Plugin Dependencies (for developers)
-
- Assigning Multiple IP Addresses to Single LAN Card
- Disable IPv6 on Ubuntu 12.04
- dsh – distributed shell
- fdupes – find & replace duplicate files with hardlinks
- GPG Keys Cheatsheet
- Increase "Open Files Limit"
- kill all php, nginx, mysql or any kind of processes
- Passwordless Authentication for SSH
- Screen
- search replace in multiple files useing grep xargs sed
- Setup sftp
- sysctl.conf
- Timezone Sync
- Using Google Public DNS on Ubuntu Server
- Using openssl to match private key, cerificate and CSR
- Configure Postfix to Use Gmail SMTP on Ubuntu
- Logrotate Example for Custom Logs
- PHP 5.5, MySQL, Postfix, Nginx and WordPress on Ubuntu
- Serverdensity
- Upgrade Ubuntu 10.04 to 12.04
- Using find and sed to replace strings in multiple files
- Webmin
-
- .my.cnf – mysql user & password
- Analyse slow-query-log using Anemometer
- Improving MySQL Query Cache
- MySQL Query Profiling
- Reset MySQL root password
- tuning-primer.sh – an alternative for mysqltuner
- Using MariaDB 10
- Install/Upgrade to MySQL 5.6 on Ubuntu 12.04 LTS
- Change WordPress Domain Name
- Character Sets and Collations
- Enable innodb_file_per_table
- Enable Remote Access (Grant)
- Installing Percona Toolkit
- Using tmpfs for temporary folder creation
- YARPP and InnoDB
- Convert MyISAM to InnoDB
- Using tmpfs for mysqldump & mysqlimport
- Convert from INNODB to MYISAM
- Analyse slow-query-log using mysqldumpslow & pt-query-digest
- mysqlcheck with cron to optimize automatically
- Using MySQLTuner to Optimize MySQL configuration
-
- Checking FQDN, Reverse-DNS/PTR, MX record
- Clients
- DKIM with Postfix
- Postfix Queue Management
- RoundCube
- Server Setup
- Setup OpenDKIM
- SPF Records
- swaks – SMTP test tool
- Using larch for mail transfer between imap/gmail servers
- Debugging Postfix Config, Mail Logs & more
- Increasing Attachment Size in Posfix
-
- Adding $upstream_cache_status in HTTP Response Headers
- Amazon Elastic Load Balancer and Forwarding Real-IP Nginx
- Block wp-login.php bruteforce attack
- Configuring HTTP/2 Server Push
- Enable gzip compression
- fail2ban
- Let's Encrypt with EasyEngine
- Nginx's Open file cache
- Serving fonts with correct mime types
- SSL – PCI compliance and performance optimization
- Troubleshooting
- Tweaking fastcgi-buffers
- Using $upstream_cache_status in access.log
- Using Pagespeed
- Weak Diffie Hellman Logjam Attack Fix
- Website access restriction using nginx
- Enable Nginx Status Page
- Forwarding Visitor's Real-IP + Nginx Proxy/Fastcgi backend correctly
- Parsing access.log and error.logs using linux commands
- Debugging Nginx Configuration
- Nginx config for www to non-www and non-www to www redirection
- Optimizing Nginx Configuration
- Rewrite Rules for vBulletin SEO-friendly permalinks
-
- Directly connect to PHP-FPM
- Generating core-dump for php5-fpm
- GeoIP
- Having php5 and php7 on same system.
- Install Xdebug and configure it with webgrind
- Installation of PHP Code Review Tools
- memcache
- PHP's Zend Opcache Config & Web Viewer
- Setting Sqlite support with PHP
- Using HHVM with PHP-FPM Fallback
- Using Redis for PHP Sessions on Ubuntu Server
- Installing PhpMyAdmin Quickly
- Moving PHP's session storage to tmpfs
- Install Xdebug and configure it with Netbeans
- Nginx – Enable PHP-FPM Status Page
- PHP-FPM: Socket vs TCP/IP and sysctl tweaking
- APC Cache Optimization & Monitoring Using Web Interface
- Checking if PHP/WordPress can send mails
- Debugging PHP Scripts Using slow_log and more
- Increase file upload size limit in PHP-Nginx
- Increase PHP script execution time with Nginx
-
- Performance Optimization
- Remove Query string of css/js files
- Setup ElasticSearch with ElasticPress
- Using Redis for WordPress Object-Cache
- WooCommerce Window Shopping Caching Technique
- Moving WordPress To New Server (Faster)
- Better wp-cron using linux's crontab
- 404 error- Page not Found!!!
- Debugging WordPress with Nginx
Last updated on Dec 18, 2020
apt-get install opendkim opendkim-tools
Configure OpenDKIM:
Let’s start with the main configuration file:
^_^[root@example.com:~]# vim /etc/opendkim.conf
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SOCKET inet:8891@localhost
Next OpenDKIM defaults file:
^_^[root@example.com:~]# vim /etc/default/opendkim
SOCKET="inet:8891@localhost"
Configure Postfix:
^_^[[email protected]:~]# vim /etc/postfix/main.cf
# OpenDKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Specify trusted hosts:
We will use this file to define both ExternalIgnoreList and InternalHosts, messages originating from these hosts, domains and IP addresses will be trusted and signed.
Because our main configuration file declares TrustedHosts as a regular expression file (refile), we can use wildcard patters, *.example.com means that messages coming from example.com’s subdomains will be trusted too, not just the ones sent from the root domain.
Customize and add the following lines to the newly created file. Multiple domains can be specified, do not edit the first two lines:
^_^[[email protected]:~]# vim /etc/opendkim/TrustedHosts
127.0.0.1
localhost
*.example.com
Create a key table:
A key table contains each selector/domain pair and the path to their private key. Any alphanumeric string can be used as a selector, in this example mail is used and it’s not necessary to change it.
^_^[[email protected]:~]# vim /etc/opendkim/KeyTable
mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
# mail._domainkey.example.net example.net:mail:/etc/opendkim/keys/example.net/mail.private
# mail._domainkey.example.org example.org:mail:/etc/opendkim/keys/example.org/mail.private
Create a signing table:
This file is used for declaring the domains/email addresses and their selectors.
^_^[root@example.com:~]# vim /etc/opendkim/SigningTable
*@example.com mail._domainkey.example.com
# *@example.net mail._domainkey.example.net
# *@example.org mail._domainkey.example.org
Generate the public and private keys:
Create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:
^_^[[email protected]:~]# mkdir -p /etc/opendkim/keys/example.com
^_^[[email protected]:~]# cd /etc/opendkim/keys/example.com
^_^[[email protected]:~]# opendkim-genkey -s mail -d example.com
-s specifies the selector and -d the domain, this command will create two files, mail.private is our private key and mail.txt contains the public key.
Change the owner of the private key to opendkim:
^_^[[email protected]:~]# chown opendkim:opendkim mail.private
Add the public key to the domain’s DNS records
^_^[[email protected]:~]# cat mail.txt
Copy that key and add a TXT record to your domain’s DNS entries:
Name: mail._domainkey.example.com.
Text: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5N3lnvvrYgPCRSoqn+awTpE+iGYcKBPpo8HHbcFfCIIV10Hwo4PhCoGZSaKVHOjDm4yefKXhQjM7iKzEPuBatE7O47hAx1CJpNuIdLxhILSbEmbMxJrJAG0HZVn8z6EAoOHZNaPHmK2h4UUrjOG8zA5BHfzJf7tGwI+K619fFUwIDAQAB"
Please note that the DNS changes may take a couple of hours to propagate.
Restart Postfix and OpenDKIM:
^_^[[email protected]:~]# service postfix restart
^_^[[email protected]:~]# service opendkim restart
Testing DKIM setup for correctness:
Anything we do, especially for the first time, must end with successful testing!
There are many tools for testing. Some of them are mentioned below.
Verify DNS Records for OpenDKIM Setup
dig mail._domainkey.example.com TXT
;; ANSWER SECTION:
mail._domainkey.exmaple.com. 86400 IN TXT "v=DKIM1\;" "k=rsa\;" "t=y\;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5N3lnvvrYgPCRSoqn+awTpE+iGYcKBPpo8HHbcFfCIIV10Hwo4PhCoGZSaKVHOjDm4yefKXhQjM7iKzEPuBatE7O47hAx1CJpNuIdLxhILSbEmbMxJrJAG0HZVn8z6EAoOHZNaPHmK2h4UUrjOG8zA5BHfzJf7tGwI+K619fFUwIDAQAB"
Webbase tool: http://www.protodave.com/tools/dkim-key-checker/
Use selector mail and domain example.com there.
Verify OpenDKIM Signing:
The configuration can be tested by sending an empty email to [email protected] or [email protected] and a reply will be received. If everything works correctly you should see DKIM check: pass under Summary of Results.
=========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
Alternatively, you can send a message to a Gmail address that you control, view the received email’s headers in your Gmail inbox, dkim=pass should be present in the Authentication-Results header field.
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of contact@example.com designates --- as permitted sender) smtp.mail=contact@example.com;
dkim=pass header.i=@example.com;
Test using swaks
apt-get install swaks
swaks -t check-auth2@verifier.port25.com -f contact@example.com
Test using mail-tester.com
Better choice will be to use a service like http://www.mail-tester.com/ which gives you a temporary email ID and web-interface to see what happens to the email on receiving end!
For WordPress, its better to test using Check Email plugin as you will get a better picture of what happens to mail sent from WordPress!