Installing OpenDKIM

Follow these steps to install OpenDKIM on Ubuntu and Plesk.
I will use domain.tld (as the primary domain) and example.com as my domains, I have enabled subdomains so mail from the server mail.domain.tld gets signed too as in this case mail.domain.tld is also the Posfix hostname and mailname…

1. First login as root as run…

2. Create the folder structure…

3. Create a key, I’ll use “dkim” as the selector and create 1024bit keys
You will have two files in the folder, dkim.private and dkim.txt, the latter contains the DNS record for you to add in Plesk or at your domains registrar.

4. Now we’ll create the SigningTable and the KeyTable…

The contents should look like…

5. And the KeyTable…

The contents should look like…

You can see the subdomains point to the same key as the domain.

6. Next we have to create the internal hosts file…

and add your IP and host names…

7. Now edit /etc/opendkim.conf

And define these settings…

8. Make sure you create the log directory, and the log file is owned by opendkim:opendkim

9. We now need to define the socket…

And uncomment…

10. And restart opendkim

11. Our last step is too add this milter to our postfix configuration file…

Restart Postfix…

And you should be good.

Moving Plesks Mail Directory

This is an update to a kb article at Plesk KB6312 on How to move the Plesk Mail Directory.
I will use the example folder /var/vmail

1. Edit psa.conf

Changing “PLESK_MAILNAMES_D” to the desired location…

2. Then run the following command which will create the new folder and copy the contents of the qmail directory to the new directory…

3. And change the maildirs in Dovecot…

Adding the following…

4. Run…

This will update the following configuration files

/etc/postfix/main.cf
/etc/postfix/master.cf
/etc/default/spamassassin

with the correct paths to your new Maildir.

5. We need to edit the spamtrain script…

You will see line 8…

Simply change this to…

6. Now create the Spamassasin Home Directory…

7. Lastly we need to update the default file in /etc/default/spamassassin to reflect our change…

Secure Redirects in Plesk

More and more sites are only available via https, now with the Let’s Encrypt extension available in Plesk 12.5 it’s even easier to make your site secure. As such I thought it would be a good time to write this guide.

This guide assumes…

    • You have already setup your SSL Certificate in Plesk for your domain,
    • You are using Apache (FastCGI or FPM) and Nginx is serving static files,
    • You want your site to be https only, redirecting all http requests to https
    • You have set preferred domain in Plesk to www.domain.tld

Apache

I’ll start with Apache, browse to your domain in Plesk and click on Additional Apache & Nginx settings. under Additional directives for HTTP use this redirect..

And Additional directives for HTTPS…

If you use Plesk’s built in SEO Safe redirect (preferred domain) from domain.tld to www.domain.tld, you will need to turn this off and add the following in the Additional HTTPS directives…

Nginx

Now onto the Nginx directives…

Notice I’m using $scheme rather than the more common $host, as using the $host rewrite affected ssllabs scores in that domain.tld and www.domain.tld would score differently after adding HPKP and HSTS headers in Apache.

I hope that helps someone.

Updated to reflect changes at: https://hstspreload.org/