====Adding Domains to ASSP 2====
How to add domains to an existing ASSP install, based on "Install ASSP 2.x on CentOS 7.docx".
==Add Domain in Web UI==
Add each domain that ASSP should accept mail for under:
Recipients/Local Domains/Transparent Recipients and Domains--> Local Domains* (localDomains)
Separate the domains with a vertical bar:
domain1.com|domain2.com|domain3.com|domain4.com
==Allow Relaying==
This allows ASSP to accept outbound mail from the public IP of your MTA and relay it onward:
Relaying / Outgoing and Local Mail -> Accept All Mail* (acceptAllMail)
Separate the addresses with a vertical bar:
ip.add.re.ss|10.0.0.1|20.30.20.2|14.28.190.88
Mail from any address listed here is relayed to any recipient, so list only your own mail servers and never a whole provider range; a careless entry here turns ASSP into an open relay.
==Add Domains in Postfix==
Postfix, sitting behind ASSP, hands accepted mail to your internal MTA; the transport map defines the destination for each domain. Postfix only accepts mail for domains it is configured to relay, so each new domain must also be listed in relay_domains in main.cf (postconf shows the current values of relay_domains and transport_maps).
==Edit the Postfix Transport file==
sudo vim /etc/postfix/transport
Add one line per domain. Comments are only allowed on a line of their own: postmap stores everything after the first whitespace as the destination, so an inline comment would become part of it and break delivery for that domain.
# internalhost.domain.com is your internal mail server
test1-dom.com smtp:[internalhost.domain.com]
# a different internal server can be named for each domain
test2-dom.com smtp:[internalhost.domain.com]
test3-dom.com smtp:[internalhost.domain.com]
# a custom port, so that port 25 need not be open to the public on the internal MTA
test4-dom.com smtp:[internalhost.domain.com]:235
The square brackets make Postfix connect to the named host directly instead of looking up its MX records.
==Generate the transport map==
sudo postmap /etc/postfix/transport
Rerun postmap after every edit; Postfix reads the compiled transport.db, not the text file.
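As an added example (not part of the original page, nor ASSP's or Postfix's own tooling), a small POSIX shell helper that renders transport entries in the format above and lints an existing transport file for the inline-comment mistake. The host names, the scratch directory and the fixture files it writes are hypothetical:

```shell
#!/bin/sh
# Added example, not from the original page. Hosts and paths are hypothetical.

# Render one transport entry: "domain smtp:[host]" or "domain smtp:[host]:port".
# The brackets make Postfix connect to the host directly instead of resolving
# its MX records.
transport_entry() {
    if [ -n "${3:-}" ]; then
        printf '%s smtp:[%s]:%s\n' "$1" "$2" "$3"
    else
        printf '%s smtp:[%s]\n' "$1" "$2"
    fi
}

# Lint a transport file. postmap takes everything after the first whitespace
# as the value, so "domain smtp:[host] # note" stores "smtp:[host] # note" as
# the next hop and delivery for that domain breaks. Comments must sit on a
# line of their own. Prints each offending entry; returns 1 if any were found.
transport_lint() {
    rc=0
    while read -r domain nexthop; do
        case $domain in ''|'#'*) continue ;; esac
        case $nexthop in
            *'#'*)
                echo "inline comment in entry for $domain: $nexthop"; rc=1 ;;
            smtp:*|relay:*|lmtp:*|error:*|local:*|virtual:*) ;;
            *)
                echo "unrecognised transport for $domain: $nexthop"; rc=1 ;;
        esac
    done < "$1"
    return $rc
}

# Constructed fixtures in a scratch directory (hypothetical hosts).
WORK=$(mktemp -d)
{
    echo '# internalhost.domain.com is the internal mail server'
    transport_entry test1-dom.com internalhost.domain.com
    transport_entry test4-dom.com internalhost.domain.com 235
} > "$WORK/transport.good"
{
    transport_entry test1-dom.com internalhost.domain.com
    echo 'test2-dom.com smtp:[internalhost.domain.com] # a different server'
} > "$WORK/transport.bad"

transport_lint "$WORK/transport.good" && echo "transport.good: ok"
transport_lint "$WORK/transport.bad" || echo "transport.bad: fix the lines above"
```

After running postmap on the real file, confirm a lookup with `postmap -q test4-dom.com hash:/etc/postfix/transport`; it should print exactly `smtp:[internalhost.domain.com]:235` and nothing more.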
====Enable DKIM====
DKIM signs outgoing mail with a private key held on the ASSP/Postfix host; receiving MTAs fetch the matching public key from your DNS and verify that the message came from your domain and was not altered in transit.
==Generate Keys==
sudo opendkim-genkey --domain=example.com --selector=default --verbose
This writes two files into the current directory, named after the selector: default.private (the private key) and default.txt (the DNS record). Older opendkim-genkey builds produce 1024-bit keys by default; add --bits=2048 for a key of current recommended strength. Rename the files to something more meaningful:
sudo mv default.private /etc/opendkim/keys/example.com.key
sudo mv default.txt /etc/opendkim/keys/example.com.dns
==Set Permissions==
The private keys must be readable only by the opendkim user. A recursive 700 would also mark the key files executable, so set the directory and the files separately:
sudo chown -R opendkim:opendkim /etc/opendkim/keys
sudo chmod 700 /etc/opendkim/keys
sudo chmod 600 /etc/opendkim/keys/*
==Update DNS Records==
Once the keys exist you need to publish the public key at your DNS provider (your registrar, if it hosts the zone). Open the .dns file created above; it should look something like this (the value is split into quoted chunks, and a 2048-bit key produces more of them):
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb344400sDFjSSDDNADCBiQKBgQC8iQZE2Ri7oEVMPprWVwt1eLhf6kOl7e/ufXPJYoB3f4K7dynhxTc4QnhOIgDLbih5FnzqKzA49/cngexDcz36CoLySlcYHWIyqoj6iP/Yrn1svCR1vc1jTCFU7HkEVhJ1YqNIE2ZpnnKMR28SHR+rtxOKnk1xpxexHXCpWwMHKwIDAQAB" ) ; ----- DKIM key default for domainname.com
At your DNS provider create a TXT record. The value is the quoted chunks joined together with the quotes removed; leave out the trailing "; ----- DKIM key ..." comment.
Host: default._domainkey
TXT Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb344400sDFjSSDDNADCBiQKBgQC8iQZE2Ri7oEVMPprWVwt1eLhf6kOl7e/ufXPJYoB3f4K7dynhxTc4QnhOIgDLbih5FnzqKzA49/cngexDcz36CoLySlcYHWIyqoj6iP/Yrn1svCR1vc1jTCFU7HkEVhJ1YqNIE2ZpnnKMR28SHR+rtxOKnk1xpxexHXCpWwMHKwIDAQAB;
==Trusted Hosts==
Create a file of hosts that OpenDKIM should treat as internal: when opendkim.conf points InternalHosts and ExternalIgnoreList at this file, as the usual CentOS setup does, mail from these hosts is signed rather than verified. One entry per line, comments allowed; entries may be host names, IP addresses or CIDR blocks. List the FQDN (or address) of every internal mail server that will relay through the ASSP server, and include 127.0.0.1 and the ASSP host itself so locally submitted mail is signed too.
sudo vim /etc/opendkim/TrustedHosts
Example contents (the host names come from another deployment; replace them with your own):
#
# External Hosts that OpenDKIM will Trust
edoceo.com
gcdn.org
he.edoceo.com
s001.edoceo.com
==Key Table for Multiple Domains==
This maps a key name to the signing domain, selector and private key file for each domain; the key names defined here are what the SigningTable refers to. The file path must match wherever each renamed key was placed.
sudo vim /etc/opendkim/KeyTable
# keyname signingdomain:selector:keyfile
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com.key
default._domainkey.dom2.com dom2.com:default:/etc/opendkim/keys/dom2.com.key
default._domainkey.dom3.com dom3.com:default:/etc/opendkim/keys/dom3.com.key
default._domainkey.dom4.com dom4.com:default:/etc/opendkim/keys/dom4.com.key
==Update Signing Table==
This maps sender addresses to a key name from the KeyTable. The second column must match a KeyTable key name exactly (same selector, same domain), otherwise mail for that domain silently goes out unsigned. The *@ wildcard only works when opendkim.conf declares the table as refile:/etc/opendkim/SigningTable.
sudo vim /etc/opendkim/SigningTable
*@example.com default._domainkey.example.com
*@dom2.com default._domainkey.dom2.com
*@dom3.com default._domainkey.dom3.com
*@dom4.com default._domainkey.dom4.com
==Restart Services==
Restart both services so the new keys, tables and transport map are read:
sudo systemctl restart opendkim.service
sudo systemctl restart postfix.service
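The DKIM steps above leave two things easy to get wrong: the DNS value has to be reassembled from the quoted chunks in the .dns file, and the SigningTable has to name KeyTable entries exactly. The following is an added example (not part of the original page, nor OpenDKIM's own tooling): POSIX shell helpers that flatten a genkey .dns file into the TXT value, emit KeyTable and SigningTable lines in the format used above, and cross-check the two tables. The scratch directory, the fixture record (not a real key) and the domain names are hypothetical:

```shell
#!/bin/sh
# Added example, not from the original page or from OpenDKIM. Paths, domain
# names and the fixture contents below are hypothetical.

# Flatten the quoted, multi-line TXT record written by opendkim-genkey into
# the single string a DNS provider's form expects (quotes removed, chunks
# joined). Also handles 2048-bit keys, whose p= value spans several chunks.
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# KeyTable line: keyname signingdomain:selector:keyfile
dkim_keytable_line() {
    printf '%s._domainkey.%s %s:%s:%s\n' "$2" "$1" "$1" "$2" "$3"
}

# SigningTable line: *@domain keyname (the keyname must exist in KeyTable)
dkim_signingtable_line() {
    printf '*@%s %s._domainkey.%s\n' "$1" "$2" "$1"
}

# Cross-check the two tables: every SigningTable target must be a KeyTable
# key name, and every KeyTable key file must be readable. Prints problems and
# returns 1 if any were found. A selector mismatch (mail vs default) leaves
# mail unsigned without any error, so run this before restarting opendkim.
dkim_check_tables() {
    keytable=$1 signingtable=$2 rc=0
    while read -r pattern keyname; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v k="$keyname" '$1 == k { found = 1 } END { exit !found }' "$keytable"; then
            echo "SigningTable: $pattern -> $keyname has no KeyTable entry"; rc=1
        fi
    done < "$signingtable"
    while read -r keyname spec; do
        case $keyname in ''|'#'*) continue ;; esac
        keyfile=${spec##*:}
        [ -r "$keyfile" ] || { echo "KeyTable: $keyname key file $keyfile is missing"; rc=1; }
    done < "$keytable"
    return $rc
}

# Constructed fixtures (not a real key) so the helpers run offline.
WORK=$(mktemp -d)
cat > "$WORK/example.com.dns" <<'EOF'
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIGfTESTKEYPART1"
    "TESTKEYPART2" )  ; ----- DKIM key default for example.com
EOF
: > "$WORK/example.com.key"   # stands in for the private key file
dkim_keytable_line example.com default "$WORK/example.com.key" > "$WORK/KeyTable"
dkim_signingtable_line example.com default > "$WORK/SigningTable.good"
{ cat "$WORK/SigningTable.good"; echo '*@dom2.com mail._domainkey.dom2.com'; } > "$WORK/SigningTable.bad"

echo "TXT value: $(dkim_txt_value "$WORK/example.com.dns")"
dkim_check_tables "$WORK/KeyTable" "$WORK/SigningTable.good" && echo "tables consistent"
dkim_check_tables "$WORK/KeyTable" "$WORK/SigningTable.bad" || echo "fix the SigningTable"
```

Run dkim_check_tables against the real /etc/opendkim/KeyTable and /etc/opendkim/SigningTable before the restart. Once the DNS record has propagated, `opendkim-testkey -d example.com -s default -k /etc/opendkim/keys/example.com.key -vvv` confirms that the published public key matches the private key on disk.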
====SPF====
At your DNS provider add an SPF TXT record on the bare domain. It should be similar to the following:
Host: @
TXT Value: v=spf1 a:mail.dom1.com a:asspX.domX.com a:asspX2.domX.com a:smtp03.sec.haddentech.com -all
Each a: mechanism names a host whose A/AAAA address is allowed to send for the domain; include one for every MTA and one for every ASSP relay your mail leaves through. The a, mx, ptr, include, exists and redirect terms each cost the verifier a DNS lookup and SPF allows at most 10 per evaluation (more yields a permerror and the record is ignored), so for servers with fixed addresses ip4:/ip6: mechanisms are cheaper. -all tells receivers to reject mail from any source not listed.
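As an added example (not part of the original page), a POSIX shell check of an SPF record before it is published: it counts the lookup-costing terms and flags a record that is missing the version tag, lacks a closing all, or exceeds the 10-lookup limit. The record checked is the one shown above; the other records in the comments are constructed:

```shell
#!/bin/sh
# Added example, not from the original page. Records below are constructed.

# Count the terms that cost a DNS lookup during SPF evaluation: a, mx, ptr,
# include, exists and the redirect modifier (RFC 7208 section 4.6.4).
# ip4:, ip6: and all cost nothing. Verifiers return permerror above 10.
spf_lookup_count() {
    n=0
    set -f                      # no pathname expansion while splitting terms
    for term in $1; do
        case $term in [+~?-]*) term=${term#?} ;; esac   # drop the qualifier
        case $term in
            a|a:*|a/*|mx|mx:*|mx/*|ptr|ptr:*|include:*|exists:*|redirect=*) n=$((n+1)) ;;
        esac
    done
    set +f
    echo "$n"
}

# Sanity-check a record before publishing: version tag first, a hard or soft
# "all" last, and within the lookup budget. Returns 1 on any problem.
spf_check() {
    rc=0
    case $1 in 'v=spf1 '*) ;; *) echo "record must start with v=spf1"; rc=1 ;; esac
    case $1 in *' -all'|*' ~all') ;; *) echo "record should end with -all (or ~all while testing)"; rc=1 ;; esac
    lookups=$(spf_lookup_count "$1")
    [ "$lookups" -le 10 ] || { echo "$lookups DNS lookups, limit is 10"; rc=1; }
    return $rc
}

# The record from this page: four a: terms, four lookups, well under the limit.
SPF='v=spf1 a:mail.dom1.com a:asspX.domX.com a:asspX2.domX.com a:smtp03.sec.haddentech.com -all'
spf_check "$SPF" && echo "$(spf_lookup_count "$SPF") lookups: ok"
```

Note that an include: pulls in the lookups of the referenced record as well, so the count here is a lower bound once third-party senders are included.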
====Dovecot SASL Authentication====
Configure Dovecot SASL so external mail servers can authenticate and send through ASSP.
Create a local OS user for each external mail server (one credential per sending host keeps revocation simple). The account exists only for authentication, so give it no home directory and no login shell:
sudo useradd -M -s /sbin/nologin mail.sendingmta1.com && sudo passwd mail.sendingmta1.com
Use this user name and password on your MTA when it authenticates to ASSP as a relay/smarthost. PLAIN and LOGIN carry the password in clear text, so make sure the MTA only authenticates over a TLS-protected (STARTTLS) connection.
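To confirm the new account before pointing the MTA at it, you can drive the AUTH exchange by hand. As an added example (not from the original page, nor from Dovecot or ASSP), a POSIX shell helper that builds the AUTH PLAIN token the MTA will send, and its inverse, which shows what an eavesdropper recovers from an unencrypted session. The user name, password and the ASSP host name in the usage note are hypothetical:

```shell
#!/bin/sh
# Added example, not from the original page. User name and password are
# hypothetical placeholders.

# Build the AUTH PLAIN initial response (RFC 4616): base64 of
# NUL <user> NUL <password>. This is exactly what the MTA transmits.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a captured token back to "user password". Anyone who can read the
# SMTP session sees this, which is why AUTH must only follow STARTTLS.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' ' ' | sed 's/^ //'
}

TOKEN=$(auth_plain_token mail.sendingmta1.com 'change-me')
echo "send after STARTTLS:  AUTH PLAIN $TOKEN"
echo "what a sniffer sees:  $(auth_plain_decode "$TOKEN")"
```

Test it against ASSP with `openssl s_client -starttls smtp -crlf -connect assp.example.com:25` (host and port assumed), then type `AUTH PLAIN <token>`: a 235 reply means Dovecot accepted the password, 535 means it did not. If the server advertises AUTH in its EHLO response before STARTTLS, the relay will accept clear-text credentials and that should be fixed before any MTA is pointed at it.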