Be sure to check the relay server's IP address once in a while for any blacklisting.
Allow only specific IP addresses to and from the servers.
Block all others.
Below is the setup procedure:
https://www.linuxbabe.com/mail-server/postfix-send-only-multiple-domains-ubuntu
# Install Postfix from the distribution packages (-y assumes "yes" to apt's
# confirmation prompt).
apt-get update
apt-get install postfix -y
# Set the hostname Postfix uses for itself, then print the current mydomain
# and set it explicitly.
postconf -e "myhostname = sso.kalolina.com"
postconf mydomain
postconf -e "mydomain = sso.kalolina.com"
# Print myorigin. The "myorigin = /etc/mailname" line that follows appears to
# be the output of this command, not a command to run.
postconf myorigin
myorigin = /etc/mailname
# myorigin is read from /etc/mailname, so show that file and then overwrite it
# with the bare domain used in sender addresses.
cat /etc/mailname
echo "kalolina.com" | sudo tee /etc/mailname
systemctl restart postfix
# Reverse (PTR) lookup of the address. Presumably this is the server's public
# IP and the answer should be its mail hostname - confirm, since receiving
# servers commonly check that forward and reverse DNS agree.
host 139.162.53.96
# Install OpenDKIM and its key tools, and add the postfix user to the
# opendkim group.
apt-get install opendkim opendkim-tools
adduser postfix opendkim
nano /etc/opendkim.conf
# The lines below are the settings to enable in /etc/opendkim.conf.
uncomment
# relaxed canonicalization for headers, simple for the body.
Canonicalization relaxed/simple
# s = signer only; no verification of incoming signatures on this host.
Mode s
# Do not sign for subdomains of the listed signing domain.
SubDomains no
# OpenDKIM user
# Remember to add user postfix to group opendkim
UserID opendkim
# Map domains in From addresses to keys used to sign messages.
# The refile: prefix marks a table whose keys are patterns, which is what lets
# signing.table use the *@kalolina.com wildcard.
KeyTable refile:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
# A set of internal hosts whose mail should be signed
InternalHosts /etc/opendkim/trusted.hosts
# Create the table and key directories, hand them to the opendkim user, and
# remove group/other read and write access from the keys directory.
mkdir /etc/opendkim
mkdir /etc/opendkim/keys
chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys
# signing.table: any sender address @kalolina.com is signed with the key named
# sendonly._domainkey.kalolina.com.
nano /etc/opendkim/signing.table
*@kalolina.com sendonly._domainkey.kalolina.com
# key.table: key name -> domain:selector:path of the private key.
nano /etc/opendkim/key.table
sendonly._domainkey.kalolina.com kalolina.com:sendonly:/etc/opendkim/keys/kalolina.com/sendonly.private
# trusted.hosts is the InternalHosts list from /etc/opendkim.conf: mail coming
# from these clients is signed.
# NOTE(review): the *.kalolina.com wildcard extends signing to any client that
# matches the name. If only this server submits mail, the two local entries
# may be sufficient - confirm before keeping the wildcard.
nano /etc/opendkim/trusted.hosts
127.0.0.1
localhost
*.kalolina.com
# Generate a 2048-bit key pair for domain kalolina.com with selector
# "sendonly" into the per-domain key directory, then make opendkim the owner
# of the private key.
mkdir /etc/opendkim/keys/kalolina.com
opendkim-genkey -b 2048 -d kalolina.com -D /etc/opendkim/keys/kalolina.com -s sendonly -v
chown opendkim:opendkim /etc/opendkim/keys/kalolina.com/sendonly.private
# Print the public DNS record that was generated alongside the private key.
cat /etc/opendkim/keys/kalolina.com/sendonly.txt
The string after the p parameter is the public key. In your DNS manager, create a TXT record for the second domain. Enter sendonly._domainkey in the Name field. Copy everything in the parentheses and paste it into the value field. Delete all double quotes. (You can paste it into a text editor first, delete all double quotes, then copy it to your DNS manager. Your DNS manager may require you to delete other invalid characters, such as carriage returns.) Only the contents of sendonly.txt are published in DNS; sendonly.private is the signing key and must stay on the server.
v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaLWzpp1GYD2mOV1241vD4mcKARkOnuF1jxOrGAqtvKMisf5XS/1U2Jb8Zinu5BvWlDNwvrw+b6NIURyYpageXqNRMitxN3oNOnVK9C7v4P0k4S31Xpj1YcP7i1wFI/+KX+3V/s0AHYpL0+Jd+MCsbQiIvWto97hoovSoK3SvsX8tZjZiDahHpq3Eq9QnicIl7p8l02x6yKadw
# Check that the record published in DNS for selector "sendonly" matches the
# private key (-vvv for verbose output).
opendkim-testkey -d kalolina.com -s sendonly -vvv
# Move the milter socket under the Postfix spool directory. smtpd_milters
# below refers to it by a path relative to /var/spool/postfix, presumably
# because smtpd runs chrooted there - confirm against master.cf.
nano /etc/opendkim.conf
Socket local:/var/spool/postfix/opendkim/opendkim.sock
# Socket directory: owned by opendkim, group postfix.
mkdir /var/spool/postfix/opendkim
chown opendkim:postfix /var/spool/postfix/opendkim
# Same socket path in the service defaults file.
nano /etc/default/opendkim
SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"
nano /etc/postfix/main.cf
# Outbound TLS is opportunistic ("may"): delivery falls back to plaintext when
# the receiving server does not offer STARTTLS. Log level 1 records a summary
# of each TLS handshake.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
# add at bottom
# Milter configuration
# NOTE(review): with milter_default_action = accept, mail is still delivered,
# without a DKIM signature, whenever the OpenDKIM milter is unavailable.
# Monitor the opendkim service if unsigned mail would hurt deliverability.
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
# Apply the same milter to mail that does not arrive over SMTP (for example
# mail submitted locally).
non_smtpd_milters = $smtpd_milters
systemctl restart opendkim postfix
systemctl status opendkim
# SPF record to publish as a TXT record at the domain apex (@); ~all is a
# softfail for senders that are not listed.
# NOTE(review): 12.34.56.78 and the ip6 address look like sample values.
# Replace them with this server's real addresses before publishing - confirm.
TXT @ v=spf1 mx ip4:12.34.56.78 ip6:2600:3c01::f03c:93d8:f2c6:78ad ~all
systemctl restart postfix
# Firewall: allow inbound SMTP (25/tcp) from a single address, inserted as
# rule 1, and open 80/tcp to everyone (presumably for the certbot --standalone
# run later in these notes).
# NOTE(review): no rule shown here opens 587/tcp for the submission service
# configured below, and the "block all others" goal depends on ufw being
# enabled with a default-deny incoming policy, which these notes do not show.
sudo ufw insert 1 allow in from 12.34.56.78 to any port 25 proto tcp
sudo ufw allow 80/tcp
# Postfix listens on every interface, so the firewall rules above are what
# limits who can reach it.
postconf "inet_interfaces = all"
nano /etc/postfix/master.cf
# Submission service entry: TLS is mandatory (encrypt) and negotiated with
# STARTTLS rather than implicit TLS (wrappermode=no); SASL authentication is
# enabled and backed by Dovecot through the private/auth socket; relaying is
# permitted only for authenticated clients, everything else is rejected.
# NOTE(review): in master.cf the "-o" continuation lines must begin with
# whitespace. They appear flush-left here, possibly lost when the notes were
# copied - indent them when editing the real file.
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_wrappermode=no
-o smtpd_sasl_auth_enable=yes
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
# dovecot-core provides the SASL authentication backend that the submission
# service points at (smtpd_sasl_type=dovecot, smtpd_sasl_path=private/auth).
apt install dovecot-core
nano /etc/dovecot/conf.d/10-auth.conf
# NOTE(review): this setting is listed twice; one copy is enough.
disable_plaintext_auth = yes
disable_plaintext_auth = yes
# plain and login both transmit the password itself, so they rely on the TLS
# requirement set on the submission service (smtpd_tls_security_level=encrypt).
auth_mechanisms = plain login
nano /etc/dovecot/conf.d/10-master.conf
# Auth socket placed inside the Postfix spool so smtpd can reach it as
# private/auth; mode 0660 with postfix:postfix limits access to the postfix
# user and group.
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
systemctl restart dovecot
# Obtain a certificate with certbot's built-in standalone web server, which
# needs 80/tcp reachable from the internet during the challenge.
# NOTE(review): -d names sso.kalolina.com.com, while myhostname earlier in
# these notes is sso.kalolina.com. The doubled ".com" looks like a typo -
# confirm, because the certificate must match the hostname clients connect to.
apt install certbot
certbot certonly --standalone --agree-tos --email support@kalolina.com -d sso.kalolina.com.com
# Point Postfix's server-side TLS at the certificate chain and private key.
# NOTE(review): these paths are not certbot's default
# /etc/letsencrypt/live/<name>/ location. Confirm the files exist here and are
# replaced on renewal, otherwise Postfix will serve a missing or expired
# certificate.
postconf "smtpd_tls_cert_file = /www/server/panel/vhost/ssl/sso.kalolina.com/fullchain.pem"
postconf "smtpd_tls_key_file = /www/server/panel/vhost/ssl/sso.kalolina.com/privkey.pem"
systemctl restart postfix
# Create a local account without a home directory; presumably this is the
# SASL login used on the submission port - TODO confirm. Any account that can
# authenticate there is allowed to relay mail (permit_sasl_authenticated), so
# give it a strong, unique password.
adduser kapro --no-create-home