-3

I'm trying to set up DKIM on my server so my emails are less likely to end up in my customers' spam.

Quick question: does port 8891 need to be opened? I'm using ufw.

Many thanks in advance,

Eamorr

2 Answers

3

Probably not.

My guess is that you have a dedicated daemon for DKIM signing (such as opendkim) listening on that port, and that your mail server is using that port to communicate with it? Assuming that your mail server and your DKIM server run on the same machine, they ought to be communicating over localhost, which I hope your local firewall rules leave alone.

Assuming all of the above is true, there is also the possibility of having your mail server and your DKIM server communicate over a socket instead. It has the potential to make things a bit more complicated, but also has the potential to increase security by enforcing filesystem rules, restricting which local users/daemons can do DKIM signing. Assuming you have a dedicated machine for handling mail, the additional security of using sockets is probably negligible compared to communicating over the localhost network.

andol
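Whether 8891 is reachable at all depends on how the signing daemon's listening socket is declared, which is the localhost-versus-socket distinction drawn in the answer above. The following is an added example, not code from either answerer or from OpenDKIM: it classifies a milter socket specification, assuming the forms `inet:port@host`, `inet:port`, `inet6:port@host` and `local:`/`unix:path`, and treating the name `localhost` as loopback without resolving it. The function names and sample values are constructed for illustration.

```python
import ipaddress

def classify_milter_socket(spec: str) -> str:
    """Return 'unix', 'loopback', 'all-interfaces' or 'network' for a socket spec."""
    proto, sep, rest = spec.strip().partition(":")
    if not sep:
        raise ValueError(f"no socket type in {spec!r}")
    proto = proto.lower()
    if proto in ("unix", "local"):
        return "unix"                  # filesystem socket: never on the network
    if proto not in ("inet", "inet6"):
        raise ValueError(f"unsupported socket type: {proto!r}")
    port, at, host = rest.partition("@")
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port in {spec!r}")
    if not at or not host:
        return "all-interfaces"        # assumption: no @host means bind every address
    host = host.strip("[]")            # allow a bracketed IPv6 literal
    if host.lower() == "localhost":
        return "loopback"              # assumption: localhost maps to 127.0.0.1/::1
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "network"               # some other hostname; not resolved here
    if addr.is_unspecified:
        return "all-interfaces"        # 0.0.0.0 or ::
    return "loopback" if addr.is_loopback else "network"

def firewall_matters(spec: str) -> bool:
    """True when the host firewall is what keeps remote hosts off the milter port."""
    return classify_milter_socket(spec) in ("all-interfaces", "network")

if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    for sample in ("inet:8891@localhost", "inet:8891",
                   "local:/run/opendkim/opendkim.sock", "inet:8891@192.0.2.10"):
        print(f"{sample:40} {classify_milter_socket(sample):15} "
              f"firewall matters: {firewall_matters(sample)}")
```

With a loopback or filesystem socket the ufw rule for 8891 is irrelevant to remote hosts; with the other two results, a deny rule is the only thing keeping them off the signing daemon.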
3

No, you don't need port 8891 to be opened to outside connections; that is only for the Postfix socket.

The way DKIM keys work is like this: you create a public key and a private key. The public key is published in your DNS records as a TXT record; on the other side, your emails are signed with your private key. When you send an email, the recipient server checks your DNS record for the public key, for example "default._domainkey", and it verifies the DKIM. There is nothing related to connecting directly to the server.

Hope this helps.

user1305626
  • Thank you so much. I can confirm that I have 8891 denied in my firewall config and the dkim works (I tried it out using http://www.brandonchecketts.com/emailtest.php) – Eamorr May 12 '14 at 16:04