Inherited an Ubuntu server (12.04) running Postfix (2.9.6) that works as an outbound-only mail relay for a web application.
Have got SPF and DMARC records entered in public DNS (Route53). Working to get DKIM properly configured due to a client requirement. We send on their behalf and emails targeting gmail accounts have been getting delayed as our IP or a CNAME record is not in their DNS. They've requested DKIM configs on our end. And it's just good practice.
Goal: I'm looking to confirm our Postfix configs and DNS, specifically the DKIM TXT record, are configured to reflect our Postfix (main.cf).
This should seem obvious, so let me share our configs, what I've found and maybe someone with a bit more experience can share any insights.
CURRENT CONFIGS
main.cf
myhostname = smtp.mydomain.com
myorigin = /etc/mailname ... cat /etc/mailname = mail.mydomain.com
PUBLIC DNS
mydomain.com MX 10 smtp.mydomain.com
mydomain.com TXT v=SPF1; a:smtp.mydomain.com -all
_dmarc.mydomain.com TXT v=DMARC1; p=none; rua:mailto:
mail._domainkey.mydomain.com TXT v=DKIM1; k=rsa; p=
smtp.mydomain.com A
mail.mydomain.com CNAME smtp.mydomain.com
COMMAND LINE EMAIL TESTS FROM UBUNTU/POSTFIX SERVER
echo "Test message" | mail -s "Test Email" gmail_user@gmail.com
Gmail Output:
Original Message
Message ID: <id-string@**smtp.mydomain.com**>
From: Ubuntu User <ubuntu_user@**mail.mydomain.com**>
To: gmail_user@gmail.com
SPF: PASS with IP 165.11.22.33
DMARC: 'FAIL'
Header
Delivered-To: gmail_user@gmail.com
Received: by 2002:ab0:1d8f:0:0:0:0:0 with SMTP id l15csp1726299uak;
Mon, 29 Oct 2018 15:40:23 -0700 (PDT)
X-Google-Smtp-Source: AJdET5fekgw1/THhdQd68d48F6YdbjAzHBIJX11Pw7EVfoNfVzcdig7100nYe4qzCo5Ip8RIeovT
X-Received: by 2002:a63:c45:: with SMTP id 5-v6mr15518118pgm.372.1540852823648;
Mon, 29 Oct 2018 15:40:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540852823; cv=none;
d=google.com; s=arc-20160816;
b=wS6zfKOrfEXcC0cvWje6qlDcrGX7eQ5NWiIrN7vVC5azOBPwAWpR4gniHnlc8uzK1u
UAHscndWVkniIM79rgMdot0mD72o0h/vwH4spaE6VwFHQcgg88PcskpXhykhK6JToF1U
0LRNde0BdJM4GX+Ri9c1aHwy0SiOgDQr3CLnynelBtUXfa5oOz8DLvdi0tPgZXU5oOQL
B1DybgHTq/cmAJzpVdkBBp3nCrU7Bj37cazjHzT6osDTQoRkUCXl3KY5jXmUxr+DZBzg
K1p4fuA9IOJNuufpCGoiJJzfpoRACYw8X86QL3aB7xH5jjFhbrsDgCPk/gAKQ1afdsxU
+Xsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=from:date:message-id:to:subject;
bh=PkbvdhgKiEAAhc+GiwM2ZnxMu+StJ76lWGj3Y9phfFA=;
b=KRDIVpwLAvIbW/N0CGCh++bcr5oayPJX9KqcPBKYEbf/LWLL5VABryAkmw369wx+9R
YKSwvxhRmLoMHWROsRM4ajdghUuoyF8n5lK0XbiHMy1Eh0K1VNtT5QJnR328ycYR4ECo
QkmmoODK2GN8RsjWw8UlC33XGS/2kc0X37O1wwyTqHo06VUNC27QElKiC7as5BNNGG2Y
SaDmnzD4Nq7b3BSnvhi/kLG2z9Pannolf+Pm5O6V71TimMus8dk71WeZ5ntdMdjFBrju
yc47X1zKnmfLpTevISfdzYB/cxW9Hj35/ojE3+9863DgIUrepuie8aHZGcCMwit2Y3/h
hTyA==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: best guess record for domain of ubuntu_user@**mail.mydomain.com** designates 165.22.33.44 as permitted sender) **smtp.mailfrom=ubuntu_user@mail.mydomain.com**;
dmarc=fail (p=NONE sp=NONE dis=NONE) **header.from=mydomain.com**
Return-Path: <ubuntu_user@mail.mydomain.com>
Received: from **smtp.mydomain.com** (smtp.mydomain.com. [165.22.33.44])
by mx.google.com with ESMTPS id g11-v6si8549874pgu.301.2018.10.29.15.40.23
for <gmail_user@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 29 Oct 2018 15:40:23 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of ubuntu_user@**mail.mydomain.com** designates 165.22.33.44 as permitted sender) client-ip=165.22.33.44;
Authentication-Results: mx.google.com;
spf=pass (google.com: best guess record for domain of ubuntu_user@**mail.mydomain.com** designates 165.22.33.44 as permitted sender) **smtp.mailfrom=ubuntu_user@mail.mydomain.com**;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mydomain.com
Received: by **smtp.mydomain.com** (Postfix, from userid 1016) id AF76AB605F1; Mon, 29 Oct 2018 15:40:22 -0700 (MST)
Subject: Test Email
To: <gmail_user@gmail.com>
X-Mailer: mail (GNU Mailutils 2.2)
Message-Id: <20181029224022.AF76AB605F1@smtp.mydomain.com>
Date: Mon, 29 Oct 2018 15:40:22 -0700 (MST)
From: Ubuntu User <ubuntu_user@mail.mydomain.com>
Test message
Mail-Tester.com Output
echo "Test message" | mail -s "Test Email" @mail-tester.com
Score: 8/10
[SPF] mail.mydomain.com does not allow your server 165.11.22.33 to use ubuntu_user@mail.webassessor.com
You do not have a SPF record, please add the following one to your domain mail.webassessor.com:
v=spf1 a mx ip4:162.42.66.34 ~all
The Name Server handling the domain name mail.webassessor.com is smtp.webassessor.com.
Your message is not signed with DKIM
Note: I've got OpenDKIM installed, but not connected to Postfix yet, as I don't want to break mail flow until I sort some of these things out.
RESOURCES REFERENCED
Postfix/DKIM
https://help.ubuntu.com/community/Postfix/DKIM
SPF Checkers
https://mxtoolbox.com/spf.aspx
DKIM Checkers
https://www.dmarcanalyzer.com/dkim/dkim-check/
https://protodave.com/tools/dkim-key-checker/
DMARC Checkers
https://dmarcian.com/dmarc-inspector/
I've also read quite a bit on the postfix, opendkim, reddit and other sites, fwiw.
QUESTION(S):
Primary:
Q? Do I need to edit the /etc/mailname and change to smtp.mydomain.com?
Secondary (if you have time/insights, appreciated)
*Q? Should I add the IP4 as well in SPF for smtp.mydomain.com?
Q? Does this use of smtp.mydomain.com change my configs for dkim record?
Q? Does this use of smtp.mydomain.com change my configs for dmarc record?
*Q? What else could be missing?
If you've gotten this far, your time is greatly appreciated. Thanks.
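
An added example, not part of the original post: a small Python check that parses the Authentication-Results value Gmail returned above and shows which identifier (SPF or DKIM) could satisfy DMARC under relaxed alignment. It assumes that a Gmail "best guess" SPF pass means no SPF record was published for the envelope-sender domain and does not count toward DMARC, and it approximates the organizational domain as the last two labels; the function names are hypothetical.

```python
import re

# Constructed from the Authentication-Results header in the post (unfolded).
SAMPLE = (
    "mx.google.com; spf=pass (google.com: best guess record for domain of "
    "ubuntu_user@mail.mydomain.com designates 165.22.33.44 as permitted sender) "
    "smtp.mailfrom=ubuntu_user@mail.mydomain.com; "
    "dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mydomain.com"
)

def org_domain(domain):
    # Simplification (assumption): last two labels. Real DMARC evaluators
    # use the Public Suffix List to find the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_authres(value):
    """Return {method: (result, comment, props)}; keeps one entry per method."""
    out = {}
    for part in value.split(";")[1:]:  # element 0 is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)\s*(?:\((.*?)\))?\s*(.*)", part, re.S)
        if m:
            method, result, comment, rest = m.groups()
            props = dict(re.findall(r"([\w.]+)=(\S+)", rest))
            out[method.lower()] = (result.lower(), comment or "", props)
    return out

def dmarc_view(value):
    """Explain which identifier, if any, can satisfy DMARC (relaxed alignment)."""
    res = parse_authres(value)
    none = ("none", "", {})
    spf_result, spf_comment, spf_props = res.get("spf", none)
    dkim_result, _, dkim_props = res.get("dkim", none)
    reported, _, dmarc_props = res.get("dmarc", none)
    from_org = org_domain(dmarc_props.get("header.from", ""))

    def aligned(d):
        return bool(d) and bool(from_org) and org_domain(d) == from_org

    spf_dom = spf_props.get("smtp.mailfrom", "").split("@")[-1]
    # Gmail reports header.i=@domain; RFC 8601 also defines header.d.
    dkim_dom = dkim_props.get("header.d") or dkim_props.get("header.i", "").split("@")[-1]
    # Assumption: "best guess" means no SPF record was found for spf_dom.
    best_guess = "best guess" in spf_comment
    spf_ok = spf_result == "pass" and not best_guess and aligned(spf_dom)
    dkim_ok = dkim_result == "pass" and aligned(dkim_dom)
    return {
        "spf_domain": spf_dom, "spf_best_guess": best_guess, "spf_counts": spf_ok,
        "dkim_domain": dkim_dom, "dkim_counts": dkim_ok,
        "expected": "pass" if (spf_ok or dkim_ok) else "fail", "reported": reported,
    }
```

On the header from the post, `dmarc_view(SAMPLE)` reports the SPF domain as mail.mydomain.com with a best-guess pass and no DKIM result, so the expected verdict matches the `dmarc=fail` Gmail reported.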