How to add domains to an existing ASSP install based on “Install ASSP 2.x on CentOS 7.docx”
ASSP: add the domain. In the ASSP web interface, add the domain under:
Recipients / Local Domains / Transparent Recipients and Domains --> Local Domains* (localDomains)
The format is a pipe-separated list of domains:
domain1.com|domain2.com|domain3.com|domain4.com
Next, allow relaying from the public IP of the MTA that will send outbound mail through ASSP, under:
Relaying / Outgoing and Local Mail --> Accept All Mail* (acceptAllMail)
The format is a pipe-separated list of IP addresses:
ip.add.re.ss|10.0.0.1|20.30.20.2|14.28.190.88
Every address listed here may relay through ASSP to any destination, so list only your own MTAs, never a whole range or an address shared with other tenants.
Postfix: route each domain to its internal mail server. ASSP hands accepted mail to the local Postfix, and Postfix delivers it to your internal MTA, so define the destination per domain in the transport map:
sudo vim /etc/postfix/transport
Add one line per domain. Comments must be on their own line starting with #; postmap does not treat a trailing "# ..." as a comment, it keeps it as part of the value and the smtp client then tries the extra words as additional next-hop destinations.
# internalhost.domain.com is your internal mail server; a different server can be given per domain
test1-dom.com  smtp:[internalhost.domain.com]
test2-dom.com  smtp:[internalhost.domain.com]
test3-dom.com  smtp:[internalhost.domain.com]
# a custom port, so that port 25 need not be open to the public on the internal MTA
test4-dom.com  smtp:[internalhost.domain.com]:235
The square brackets tell Postfix to connect to that host directly instead of looking up its MX records. Rebuild the lookup table and check that an entry resolves:
sudo postmap /etc/postfix/transport
sudo postmap -q test4-dom.com hash:/etc/postfix/transport
This assumes main.cf already references the map (transport_maps = hash:/etc/postfix/transport) from the original install.
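To check a transport file before running postmap on it, the following parser, added here and not part of the original page, applies postmap's line rules (whole-line # comments, whitespace continuation lines) and flags the mistake described above: a trailing "# comment" that becomes part of the value. The SAMPLE_TRANSPORT text is constructed for the example; the hostnames in it are placeholders, not real servers.

```python
import re

# Constructed sample (not from the page): the page's four transport entries with the
# comments moved onto their own lines, the only place postmap treats "#" as a comment.
SAMPLE_TRANSPORT = """\
# internalhost.domain.com is the internal mail server
test1-dom.com   smtp:[internalhost.domain.com]
test2-dom.com   smtp:[internalhost.domain.com]
test3-dom.com   smtp:[internalhost.domain.com]
# custom port so that 25 need not be open to the public on the internal MTA
test4-dom.com   smtp:[internalhost.domain.com]:235
"""

# transport:nexthop, where nexthop is "host" (MX lookup), "[host]" (connect directly),
# either optionally followed by ":port".
NEXTHOP_RE = re.compile(
    r"^(?:\[(?P<bracketed>[^\]]+)\]|(?P<bare>[^:\[\]]+))?(?::(?P<port>\d{1,5}))?$"
)


def logical_lines(text):
    """Apply postmap's line rules: blank lines and lines starting with '#' are dropped,
    a line that starts with whitespace continues the previous logical line."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_transport(text):
    """Parse a transport(5) file into {domain: (transport, host, mx_lookup, port)}.
    Returns (entries, problems). problems lists lines postmap accepts but that will not
    route the way the author intended, such as a trailing '# comment' that postmap keeps
    as part of the value and the smtp client then treats as extra next-hop destinations."""
    entries, problems = {}, []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        if len(parts) != 2:
            problems.append(f"{line!r}: key without a value")
            continue
        key, value = parts
        if "#" in value:
            problems.append(f"{key}: '#' inside the value is not a comment")
            continue
        if len(value.split()) != 1:
            problems.append(f"{key}: unexpected extra tokens in {value!r}")
            continue
        transport, _, nexthop = value.partition(":")
        m = NEXTHOP_RE.match(nexthop)
        if not m:
            problems.append(f"{key}: cannot parse next-hop {nexthop!r}")
            continue
        host = m.group("bracketed") or m.group("bare")
        port = int(m.group("port")) if m.group("port") else None
        mx_lookup = m.group("bracketed") is None  # [host] means skip the MX lookup
        entries[key] = (transport, host, mx_lookup, port)
    return entries, problems


if __name__ == "__main__":
    found, issues = parse_transport(SAMPLE_TRANSPORT)
    for domain, route in found.items():
        print(domain, route)
    for issue in issues:
        print("PROBLEM:", issue)
```

Run it against /etc/postfix/transport (read the file into parse_transport) and fix anything reported before running postmap; an empty problems list and the expected (host, port) per domain is what you want to see.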
OpenDKIM: generate a signing key for the domain. DKIM lets receiving MTAs verify that mail for your domain was signed with your key. Generate one key per domain; the selector ("default" here) names the key in DNS, and --bits=2048 asks for the 2048-bit key that current guidance recommends:
sudo opendkim-genkey --domain=example.com --selector=default --bits=2048 --verbose
This produces two files named after the selector: default.private (the private key) and default.txt (the DNS record). Rename them to something more meaningful:
sudo mv default.private /etc/opendkim/keys/example.com.key
sudo mv default.txt /etc/opendkim/keys/example.com.dns
The private key must be readable only by the opendkim user (directory 700, files 600):
sudo chown -R opendkim:opendkim /etc/opendkim/keys
sudo chmod 700 /etc/opendkim/keys
sudo chmod 600 /etc/opendkim/keys/*
Publish the public key in DNS with your domain registrar. Open the .dns file that was created; it should look something like this (newer opendkim-genkey versions split the p= value over several quoted strings, which DNS joins back together):
default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb344400sDFjSSDDNADCBiQKBgQC8iQZE2Ri7oEVMPprWVwt1eLhf6kOl7e/ufXPJYoB3f4K7dynhxTc4QnhOIgDLbih5FnzqKzA49/cngexDcz36CoLySlcYHWIyqoj6iP/Yrn1svCR1vc1jTCFU7HkEVhJ1YqNIE2ZpnnKMR28SHR+rtxOKnk1xpxexHXCpWwMHKwIDAQAB" ) ; ----- DKIM key default for example.com
On your domain registrar create a TXT record for the domain:
Host: default._domainkey
TXT Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb344400sDFjSSDDNADCBiQKBgQC8iQZE2Ri7oEVMPprWVwt1eLhf6kOl7e/ufXPJYoB3f4K7dynhxTc4QnhOIgDLbih5FnzqKzA49/cngexDcz36CoLySlcYHWIyqoj6iP/Yrn1svCR1vc1jTCFU7HkEVhJ1YqNIE2ZpnnKMR28SHR+rtxOKnk1xpxexHXCpWwMHKwIDAQAB;
Before turning on signing, confirm the record is visible from outside, for example with dig +short TXT default._domainkey.example.com, or on the ASSP host with opendkim-testkey -d example.com -s default -vvv; both should return the key you just published.
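Copying the value out of the .dns file by hand is where typos creep in, so the following Python, added here as an example and not part of the original page, converts an opendkim-genkey record into the Host / TXT value pair a registrar form asks for and compares what a resolver later returns against it. SAMPLE_GENKEY_TXT is constructed in the shape opendkim-genkey writes; its key material is a stand-in, not a real public key, and example.com is a placeholder domain.

```python
import re

# Constructed sample (not from the page) in the shape opendkim-genkey writes to
# <selector>.txt; the key material is a stand-in, not a real public key.
SAMPLE_GENKEY_TXT = (
    'default._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n'
    '\t  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8iQZE2Ri7oEVMPprWVwt1eLhf6kOl7e"\n'
    '\t  "CpWwMHKwIDAQAB" )  ; ----- DKIM key default for example.com\n'
)


def parse_genkey_txt(text):
    """Return (owner, value) from an opendkim-genkey .txt/.dns file: owner is the record
    name (default._domainkey), value is the quoted strings inside the parentheses joined
    together, which is how DNS presents a multi-string TXT record. The trailing ';' comment
    is ignored, as a zone file would ignore it."""
    m = re.match(r"\s*(\S+)\s+IN\s+TXT\s+\((.*?)\)", text, re.S)
    if not m:
        raise ValueError("not an opendkim-genkey TXT record")
    return m.group(1), "".join(re.findall(r'"([^"]*)"', m.group(2)))


def dkim_tags(value):
    """Split a DKIM key record into its tag=value pairs (RFC 6376 tag-list syntax).
    Whitespace inside values is dropped: a resolver may hand p= back folded over strings."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = "".join(v.split())
    return tags


def registrar_record(text, domain):
    """Turn the .dns file into the Host / TXT value pair a registrar's form asks for,
    refusing anything that is not a usable DKIM1 RSA public-key record."""
    owner, value = parse_genkey_txt(text)
    tags = dkim_tags(value)
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("record lacks v=DKIM1 or a public key (p=)")
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("unexpected key type " + tags["k"])
    return {"host": owner, "fqdn": f"{owner}.{domain}", "value": value.strip()}


def published_matches(published_strings, expected_value):
    """True when a TXT answer (one or more character-strings, as dig shows them) carries
    exactly the tags we meant to publish; run this before turning on signing."""
    return dkim_tags("".join(published_strings)) == dkim_tags(expected_value)


if __name__ == "__main__":
    record = registrar_record(SAMPLE_GENKEY_TXT, "example.com")
    print("Host:", record["host"])
    print("Full name:", record["fqdn"])
    print("TXT Value:", record["value"])
```

Feed the strings dig returns for default._domainkey.example.com (the quoted pieces, in order) to published_matches together with record["value"]; a False result means the registrar entry was pasted wrongly or has not propagated yet.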
OpenDKIM: trusted hosts. This file lists the hosts whose mail OpenDKIM signs rather than verifies: one per line, # comments allowed. It should hold the FQDN (or IP) of every sending mail server that will relay through the ASSP server. It is normally referenced from opendkim.conf as both InternalHosts and ExternalIgnoreList; keep 127.0.0.1 and localhost in it so that mail submitted on the ASSP host itself is signed too.
sudo vim /etc/opendkim/TrustedHosts
Here are example contents for our domain:
# External hosts that OpenDKIM will trust
edoceo.com
gcdn.org
he.edoceo.com
s001.edoceo.com
OpenDKIM: map each domain to its key. The KeyTable names each key and points at the signing domain, selector and private key file:
sudo vim /etc/opendkim/KeyTable
# keyname  signingdomain:selector:keypath
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com.key
default._domainkey.dom2.com dom2.com:default:/etc/opendkim/keys/dom2.com.2015.private
default._domainkey.dom3.com dom3.com:default:/etc/opendkim/keys/dom3.com.2015.private
default._domainkey.dom4.com dom4.com:default:/etc/opendkim/keys/dom4.com.2015.private
The SigningTable maps sender addresses to a key name. The second column must match the first column of a KeyTable line exactly (a mismatch means mail for that domain silently goes out unsigned), and the *@ wildcard patterns only work when opendkim.conf declares the table as refile:/etc/opendkim/SigningTable.
sudo vim /etc/opendkim/SigningTable
*@example.com default._domainkey.example.com
*@dom2.com default._domainkey.dom2.com
*@dom3.com default._domainkey.dom3.com
*@dom4.com default._domainkey.dom4.com
Restart both services, then send a test message through the relay and check the DKIM-Signature and Authentication-Results headers on the received copy:
sudo systemctl restart opendkim.service
sudo systemctl restart postfix.service
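Because a KeyTable/SigningTable mismatch produces no error, only unsigned mail, it is worth linting the two files together before restarting. The following Python is added here as an example and is not part of the original page or of OpenDKIM. It parses both tables (comments assumed to sit on their own lines) and reports SigningTable entries that name a key the KeyTable does not define, duplicated sender patterns, keys that nothing uses, and missing private-key files; the sample tables are constructed and contain exactly those slips, and the domains in them are placeholders.

```python
import os

# Constructed KeyTable/SigningTable pair (not from the page) containing two slips that
# silently stop signing: a SigningTable entry naming a key the KeyTable never defines
# (mail._domainkey.dom2.com vs default._domainkey.dom2.com) and a duplicated sender pattern.
SAMPLE_KEYTABLE = """\
# keyname                       signingdomain:selector:keypath
default._domainkey.example.com  example.com:default:/etc/opendkim/keys/example.com.key
default._domainkey.dom2.com     dom2.com:default:/etc/opendkim/keys/dom2.com.key
"""
SAMPLE_SIGNINGTABLE = """\
*@example.com default._domainkey.example.com
*@dom2.com mail._domainkey.dom2.com
*@dom2.com default._domainkey.dom2.com
"""


def _records(text):
    """Yield the whitespace-separated fields of each non-blank, non-comment line
    (this lint assumes comments sit on their own line)."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line.split()


def parse_keytable(text):
    """{keyname: (signing_domain, selector, keypath)}."""
    table = {}
    for fields in _records(text):
        if len(fields) != 2 or fields[1].count(":") != 2:
            raise ValueError("bad KeyTable line: " + " ".join(fields))
        name = fields[0]
        if name in table:
            raise ValueError("duplicate KeyTable key name " + name)
        domain, selector, path = fields[1].split(":")
        table[name] = (domain, selector, path)
    return table


def parse_signingtable(text):
    """[(sender_pattern, keyname)] in file order."""
    rows = []
    for fields in _records(text):
        if len(fields) != 2:
            raise ValueError("bad SigningTable line: " + " ".join(fields))
        rows.append((fields[0], fields[1]))
    return rows


def lint_tables(keytable_text, signingtable_text, key_exists=os.path.exists):
    """Return a list of problems; an empty list means the two tables agree and every
    private key is present. key_exists is injectable so the check can run on copies of
    the tables taken off the server."""
    keys = parse_keytable(keytable_text)
    rows = parse_signingtable(signingtable_text)
    problems, seen = [], set()
    for pattern, name in rows:
        if name not in keys:
            problems.append(f"SigningTable {pattern}: key name {name!r} is not defined in KeyTable")
        if pattern in seen:
            problems.append(f"SigningTable {pattern}: duplicate sender pattern")
        seen.add(pattern)
    used = {name for _, name in rows}
    for name, (_domain, _selector, path) in keys.items():
        if not key_exists(path):
            problems.append(f"KeyTable {name}: private key {path} not found")
        if name not in used:
            problems.append(f"KeyTable {name}: no SigningTable entry refers to it")
    return problems


if __name__ == "__main__":
    # On the ASSP host, read /etc/opendkim/KeyTable and SigningTable instead of the samples.
    for problem in lint_tables(SAMPLE_KEYTABLE, SAMPLE_SIGNINGTABLE, key_exists=lambda p: True):
        print("PROBLEM:", problem)
```

On the server, call lint_tables with the two files' contents and the default key_exists so that the path check runs against the real /etc/opendkim/keys directory; run it as a user that can read the key files, or the existence check will report them missing.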
SPF: on your domain registrar add an SPF record for each sending domain. The record should be similar to the following:
Host: @
TXT Value: v=spf1 a:mail.dom1.com a:asspX.domX.com a:asspX2.domX.com a:smtp03.sec.haddentech.com -all
Each "a:hostname" term authorises the addresses in that hostname's A/AAAA records, so include one for each MTA/mail server and one for each ASSP relay you are going to send through; -all tells receivers to reject everything else. Every a:, mx: or include: term costs a DNS lookup, and receivers treat a record as permerror beyond 10 lookups, so with many relays use ip4: terms instead.
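A hand-built SPF record is easy to get subtly wrong, so here is a small lint, added as an example and not part of the original page, that counts the lookup-costing terms against the limit of 10 and flags records that do not end in -all/~all or that end in +all. SAMPLE_SPF is the record from the text; the hostnames in it are the page's placeholders, not servers the example resolves.

```python
# Constructed SPF record (not resolved by this example) in the shape described above:
# one a: term per MTA and per ASSP relay, and -all so everything else is rejected.
SAMPLE_SPF = "v=spf1 a:mail.dom1.com a:asspX.domX.com a:asspX2.domX.com a:smtp03.sec.haddentech.com -all"

# Terms that cost a DNS lookup against the RFC 7208 limit of 10 per evaluation.
LOOKUP_TERMS = {"a", "mx", "include", "exists", "redirect", "ptr"}


def spf_term_name(term):
    """'a:mail.dom1.com' -> 'a', '~include:x' -> 'include', 'ip4:1.2.3.4/24' -> 'ip4',
    'redirect=x' -> 'redirect', '-all' -> 'all'."""
    body = term.lstrip("+-~?")
    for sep in (":", "=", "/"):
        body = body.split(sep, 1)[0]
    return body.lower()


def lint_spf(record):
    """Return (problems, lookup_count) for a record built by hand, catching the things that
    make receivers return permerror or that quietly authorise every sender."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return (["record must start with v=spf1"], 0)
    problems, lookups = [], 0
    for term in terms[1:]:
        name = spf_term_name(term)
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            problems.append("ptr is deprecated and expensive; list the hosts with a: or ip4: instead")
        if name == "all" and term is not terms[-1]:
            problems.append("terms after 'all' are never evaluated")
    if lookups > 10:
        problems.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    last = terms[-1]
    last_name = spf_term_name(last)
    if last_name == "all":
        qualifier = last[0] if last[0] in "+-~?" else "+"
        if qualifier in "+?":
            problems.append(f"'{last}' authorises every sender; use -all or ~all")
    elif last_name != "redirect":
        problems.append("record does not end with -all (or ~all)")
    return (problems, lookups)


if __name__ == "__main__":
    found, count = lint_spf(SAMPLE_SPF)
    print(f"{count} lookup terms")
    for problem in found:
        print("PROBLEM:", problem)
```

Run it on the TXT value before saving it at the registrar; include: terms pull in the lookups of the referenced record as well, so the count here is a lower bound when you include a third-party sender.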
Dovecot SASL: let the external mail servers authenticate to ASSP. Create one local OS user per external mail server, with no home directory and no login shell, since the account exists only to authenticate SMTP relaying:
sudo useradd -M -s /sbin/nologin mail.sendingmta1.com
sudo passwd mail.sendingmta1.com
Use this user name and password on the sending MTA as the credentials for its relay/smarthost to ASSP (for Postfix, relayhost together with smtp_sasl_password_maps), and only over TLS: SASL PLAIN and LOGIN send the password in the clear otherwise.