My impression is that DKIM and SPF are both necessary, but not sufficient, if you want
e-mails from your server to reach their recipients and not end up in the spam folder.
Setting up SPF needs no special configuration at the server. DKIM needs a bit more work.
First, install the opendkim package.
Next, you must generate a certificate/key pair if necessary:
# opendkim-genkey -d mydomain.net -s mail
Add the opendkim milter incantation into /etc/postfix/main.cf:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtpd_sender_restrictions = reject_unknown_sender_domain
Enter the domain (or domains comma-separated), key file location and operation mode (s=sign,
(v=verify)) into /etc/opendkim.conf.
Put the certificate text into a DNS entry with name mail._domainkey.
mail._domainkey.mydomain.net IN TXT "v=DKIM1; g=*; k=rsa; p=[certificate_text]" ; -----
DKIM mail for mydomain.net
SPF is a no brainer as already mentioned - v simple modifications required to DNS records
DKIM does require some effort - previous answer refers to setting up all email passing
through the server and adding DKIM header, this is OK but not always the best answer as it
introduces an overhead for all email
My environment is broken down between emails that are sent by real people (that don't really
need DKIM signing) and mass emailing (which do).
To target the system resources more specifically during the email generation stage (perl
based) I utilise the Mail::DKIM::Signer module - really simple to setup although there is a
tiny caveat worth remembering : when outputting for hashing the signature the output must end
each line with a CR/LF - ie SMTP prepared traffic format (not the typical CR alone)
My solution here will be MTA agnostic also (which is pretty helpful to those running sendmail
particularly although there is a blanket solution for that as well I understand)
Great, thanks alot.