mirror of
https://codeberg.org/hyperreal/techne
synced 2024-11-01 06:13:06 +01:00
2.1 KiB
2.1 KiB
Lemmy
Configure SPF and DKIM for SMTP postfix-relay
Source: https://github.com/wader/postfix-relay#spf
- Add remote forwarding for rsyslog.
- Make the DKIM keys persist indefinitely in a volume at
./volumes/postfix-dkim:/etc/opendkim/keys. ./volumesis relative to the parent directory of thedocker-compose.ymlfile for the Lemmy instance. E.g./docker/lemmy/volumes.
Edit docker-compose.yml:
postfix:
image: mwader/postfix-relay
environment:
- POSTFIX_myhostname=lemmy.hyperreal.coffee
- OPENDKIM_DOMAINS=lemmy.hyperreal.coffee
- RSYSLOG_TO_FILE=yes
- RSYSLOG_TIMESTAMP=yes
- RSYSLOG_REMOTE_HOST=<ip addr of remote logging server>
- RSYSLOG_REMOTE_PORT=514
- RSYSLOG_REMOTE_TEMPLATE=RSYSLOG_ForwardFormat
volumes:
- ./volumes/postfix-dkim:/etc/opendkim/keys
- ./volumes/logs:/var/log
restart: "always"
logging: *default-loggingdocker-compose up -dOn domain registrar, add the following TXT records:
| Type | Name | Content |
|---|---|---|
| TXT | lemmy | "v=spf1 a max ipv4:<ip addr of server> -all" |
| TXT | mail._domainkey.lemmy | "v=DKIM1; h=sha256; k=rsa; p=<pubkey>" |
The content of mail._domainkey.lemmy is obtained from the log output of the wader/postfix-relay Docker container.
docker logs lemmy-postfix-1To test this, allow a few hours for the DNS changes to propagate, then log out of the Lemmy instance and send a password reset request. If the reset confirmation email doesn't go to the spam folder, it works. The email service provider will be able to determine the email is from an authentic email address.