deploy: 34a1fd613f

2024-01-19 02:48:50 +00:00 · 2023-04-10 10:09:23 +00:00 · 2023-04-10 10:09:23 +00:00 · 0eeb91b632
parent ca9a5baf5f
commit 0eeb91b632
44 changed files with 490 additions and 4618 deletions
--- a/edge/config/advanced/auth-ldap/index.html
+++ b/edge/config/advanced/auth-ldap/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/dovecot-master-accounts/index.html
+++ b/edge/config/advanced/dovecot-master-accounts/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/full-text-search/index.html
+++ b/edge/config/advanced/full-text-search/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/ipv6/index.html
+++ b/edge/config/advanced/ipv6/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/kubernetes/index.html
+++ b/edge/config/advanced/kubernetes/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/mail-fetchmail/index.html
+++ b/edge/config/advanced/mail-fetchmail/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/mail-forwarding/aws-ses/index.html
+++ b/edge/config/advanced/mail-forwarding/aws-ses/index.html
@ -510,36 +510,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/mail-forwarding/relay-hosts/index.html
+++ b/edge/config/advanced/mail-forwarding/relay-hosts/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/mail-sieve/index.html
+++ b/edge/config/advanced/mail-sieve/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/maintenance/update-and-cleanup/index.html
+++ b/edge/config/advanced/maintenance/update-and-cleanup/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/optional-config/index.html
+++ b/edge/config/advanced/optional-config/index.html
@ -517,36 +517,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
@ -1503,12 +1475,12 @@

  <h1>Optional Configuration</h1>

-<p>This is a list of all configuration files and directories which are optional or automatically generated in your <code>docker-data/dms/config/</code> directory.</p>
+<p>This is a list of all configuration files and directories which are optional or automatically generated in your <code>docker-data/dms/config/</code> directory. We use this path to reference the local config directory in our docs, which you should attach a volume into the container at <code>/tmp/docker-mailserver</code>.</p>
 <h2 id="directories"><a class="toclink" href="#directories">Directories</a></h2>
 <ul>
 <li><strong>sieve-filter:</strong> directory for sieve filter scripts. (Docs: <a href="../mail-sieve/">Sieve</a>)</li>
 <li><strong>sieve-pipe:</strong> directory for sieve pipe scripts. (Docs: <a href="../mail-sieve/">Sieve</a>)</li>
-<li><strong>opendkim:</strong> DKIM directory. Auto-configurable via <a href="../../setup.sh/"><code>setup.sh config dkim</code></a>. (Docs: <a href="../../best-practices/dkim/">DKIM</a>)</li>
+<li><strong>opendkim:</strong> DKIM directory. Auto-configurable via <a href="../../setup.sh/"><code>setup.sh config dkim</code></a>. (Docs: <a href="../../best-practices/dkim_dmarc_spf/#dkim">DKIM</a>)</li>
 <li><strong>ssl:</strong> SSL Certificate directory if <code>SSL_TYPE</code> is set to <code>self-signed</code> or <code>custom</code>. (Docs: <a href="../../security/ssl/">SSL</a>)</li>
 </ul>
 <h2 id="files"><a class="toclink" href="#files">Files</a></h2>
--- a/edge/config/advanced/override-defaults/dovecot/index.html
+++ b/edge/config/advanced/override-defaults/dovecot/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/override-defaults/postfix/index.html
+++ b/edge/config/advanced/override-defaults/postfix/index.html
@ -510,36 +510,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/override-defaults/user-patches/index.html
+++ b/edge/config/advanced/override-defaults/user-patches/index.html
@ -510,36 +510,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/advanced/podman/index.html
+++ b/edge/config/advanced/podman/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/best-practices/autodiscover/index.html
+++ b/edge/config/best-practices/autodiscover/index.html
@ -15,7 +15,7 @@
        <link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/autodiscover/">
      
      
-        <link rel="prev" href="../spf/">
+        <link rel="prev" href="../dkim_dmarc_spf/">
      
      
        <link rel="next" href="../../security/understanding-the-ports/">
@ -78,6 +78,11 @@
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
      
+        
+        <a href="#auto-discovery-of-services" class="md-skip">
+          Skip to content
+        </a>
+      
    </div>
    <div data-md-component="announce">
      
@ -512,36 +517,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../spf/" class="md-nav__link">
-        SPF
+      <a href="../dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
@ -560,6 +537,8 @@
      <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
      
      
+        
+      
      
      <a href="./" class="md-nav__link md-nav__link--active">
        Auto-discovery
@ -1421,6 +1400,8 @@
  
  
  
+    
+  
  
 </nav>
                  </div>
@ -1438,8 +1419,7 @@
  


-  <h1>Auto-discovery</h1>
-
+<h1 id="auto-discovery-of-services"><a class="toclink" href="#auto-discovery-of-services">Auto-Discovery of Services</a></h1>
 <p>Email auto-discovery means a client email is able to automagically find out about what ports and security options to use, based on the mail-server URI. It can help simplify the tedious / confusing task of adding own's email account for non-tech savvy users.</p>
 <p>Email clients will search for auto-discoverable settings and prefill almost everything when a user enters its email address <img alt="❤" class="twemoji" src="https://cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/2764.svg" title=":heart:" /></p>
 <p>There exists <a href="https://hub.docker.com/r/monogramm/autodiscover-email-settings/">autodiscover-email-settings</a> on which provides IMAP/POP/SMTP/LDAP autodiscover capabilities on Microsoft Outlook/Apple Mail, autoconfig capabilities for Thunderbird or kmail and configuration profiles for iOS/Apple Mail.</p>
--- a/edge/config/best-practices/dkim/index.html
+++ b/edge/config/best-practices/dkim/index.html
--- a/edge/config/best-practices/dkim_dmarc_spf/index.html
+++ b/edge/config/best-practices/dkim_dmarc_spf/index.html
@ -12,10 +12,10 @@
        <meta name="author" content="docker-mailserver (Github Organization)">
      
      
-        <link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/spf/">
+        <link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim_dmarc_spf/">
      
      
-        <link rel="prev" href="../dmarc/">
+        <link rel="prev" href="../../user-management/">
      
      
        <link rel="next" href="../autodiscover/">
@ -25,7 +25,7 @@
    
    
      
-        <title>Best Practices | SPF - Docker Mailserver</title>
+        <title>DKIM, DMARC & SPF - Docker Mailserver</title>
      
    
    
@ -79,7 +79,7 @@
    <div data-md-component="skip">
      
        
-        <a href="#add-a-spf-record" class="md-skip">
+        <a href="#dkim-dmarc-spf" class="md-skip">
          Skip to content
        </a>
      
@ -115,7 +115,7 @@
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">
            
-              Best Practices | SPF
+              DKIM, DMARC & SPF
            
          </span>
        </div>
@ -344,8 +344,6 @@
          
            
              
-                
-              
              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
@ -515,34 +513,6 @@
              
  
  
-  
-    <li class="md-nav__item">
-      <a href="../dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
    
  
  
@ -551,14 +521,16 @@
      <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
      
      
+        
+      
      
        <label class="md-nav__link md-nav__link--active" for="__toc">
-          SPF
+          DKIM, DMARC & SPF
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <a href="./" class="md-nav__link md-nav__link--active">
-        SPF
+        DKIM, DMARC & SPF
      </a>
      
        
@ -567,6 +539,8 @@
  
  
  
+    
+  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
@ -575,17 +549,71 @@
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
-  <a href="#add-a-spf-record" class="md-nav__link">
-    Add a SPF Record
+  <a href="#dkim" class="md-nav__link">
+    DKIM
+  </a>
+  
+    <nav class="md-nav" aria-label="DKIM">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#generating-keys" class="md-nav__link">
+    Generating Keys
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#dkim-dns" class="md-nav__link">
+    DNS Record
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#dkim-debug" class="md-nav__link">
+    Troubleshooting
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#dmarc" class="md-nav__link">
+    DMARC
  </a>
  
 </li>
      
        <li class="md-nav__item">
-  <a href="#backup-mx-secondary-mx" class="md-nav__link">
-    Backup MX, Secondary MX
+  <a href="#spf" class="md-nav__link">
+    SPF
  </a>
  
+    <nav class="md-nav" aria-label="SPF">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#adding-an-spf-record" class="md-nav__link">
+    Adding an SPF Record
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#backup-mx-secondary-mx-for-policyd-spf" class="md-nav__link">
+    Backup MX &amp; Secondary MX for policyd-spf
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
      
    </ul>
@ -1451,9 +1479,7 @@
            
            
              
-                
-              
-              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" hidden>
+              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    
@ -1462,6 +1488,8 @@
  
  
  
+    
+  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
@ -1470,17 +1498,71 @@
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
-  <a href="#add-a-spf-record" class="md-nav__link">
-    Add a SPF Record
+  <a href="#dkim" class="md-nav__link">
+    DKIM
+  </a>
+  
+    <nav class="md-nav" aria-label="DKIM">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#generating-keys" class="md-nav__link">
+    Generating Keys
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#dkim-dns" class="md-nav__link">
+    DNS Record
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#dkim-debug" class="md-nav__link">
+    Troubleshooting
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#dmarc" class="md-nav__link">
+    DMARC
  </a>
  
 </li>
      
        <li class="md-nav__item">
-  <a href="#backup-mx-secondary-mx" class="md-nav__link">
-    Backup MX, Secondary MX
+  <a href="#spf" class="md-nav__link">
+    SPF
  </a>
  
+    <nav class="md-nav" aria-label="SPF">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#adding-an-spf-record" class="md-nav__link">
+    Adding an SPF Record
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#backup-mx-secondary-mx-for-policyd-spf" class="md-nav__link">
+    Backup MX &amp; Secondary MX for policyd-spf
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
      
    </ul>
@ -1501,33 +1583,271 @@
  


-  <h1>SPF</h1>
-
-<p>From <a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework">Wikipedia</a>:</p>
+<h1 id="dkim-dmarc-spf"><a class="toclink" href="#dkim-dmarc-spf">DKIM, DMARC &amp; SPF</a></h1>
+<p>Cloudflare has written an <a href="https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/">article about DKIM, DMARC and SPF</a> that we highly recommend you to read to get acquainted with the topic.</p>
+<div class="admonition note">
+<p class="admonition-title">Rspamd vs Individual validators</p>
+<p>With v12.0.0, Rspamd was integrated into DMS. It can perform validations for DKIM, DMARC and SPF as part of the <code>spam-score-calculation</code> for an email. DMS provides individual alternatives for each validation that can be used instead of deferring to Rspamd:</p>
+<ul>
+<li>DKIM: <code>opendkim</code> is used as a milter (like Rspamd)</li>
+<li>DMARC: <code>opendmarc</code> is used as a milter (like Rspamd)</li>
+<li>SPF: <code>policyd-spf</code> is used in Postfix's <code>smtpd_recipient_restrictions</code></li>
+</ul>
+<p>In a future release Rspamd will become the default for these validations, with a deprecation notice issued prior to the removal of the above alternatives.</p>
+<p>We encourage everyone to prefer Rspamd via <code>ENABLE_RSPAMD=1</code>.</p>
+</div>
+<div class="admonition warning">
+<p class="admonition-title">DNS Caches &amp; Propagation</p>
+<p>While modern DNS providers are quick, it may take minutes or even hours for new DNS records to become available / propagate.</p>
+</div>
+<h2 id="dkim"><a class="toclink" href="#dkim">DKIM</a></h2>
 <div class="admonition quote">
-<p class="admonition-title">Quote</p>
-<p>Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged "from" addresses, so publishing and checking SPF records can be considered anti-spam techniques.</p>
+<p class="admonition-title">What is DKIM</p>
+<p>DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam.</p>
+<p><a href="https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail">Source</a></p>
+</div>
+<p>When DKIM is enabled:</p>
+<ol>
+<li>Inbound mail will verify any included DKIM signatures</li>
+<li>Outbound mail is signed (<em>when you're sending domain has a configured DKIM key</em>)</li>
+</ol>
+<p>DKIM requires a public/private key pair to enable <strong>signing (<em>via private key</em>)</strong> your outgoing mail, while the receiving end must query DNS to <strong>verify (<em>via public key</em>)</strong> that the signature is trustworthy.</p>
+<h3 id="generating-keys"><a class="toclink" href="#generating-keys">Generating Keys</a></h3>
+<p>You should have:</p>
+<ul>
+<li>At least one <a href="../../user-management/#adding-a-new-account">email account setup</a></li>
+<li>Attached a <a href="../../advanced/optional-config/">volume for config</a> to persist the generated files to local storage</li>
+</ul>
+<p>DKIM is currently supported by either OpenDKIM or Rspamd:</p>
+<div class="tabbed-set tabbed-alternate" data-tabs="1:2"><input checked="checked" id="__tabbed_1_1" name="__tabbed_1" type="radio" /><input id="__tabbed_1_2" name="__tabbed_1" type="radio" /><div class="tabbed-labels"><label for="__tabbed_1_1">OpenDKIM</label><label for="__tabbed_1_2">Rspamd</label></div>
+<div class="tabbed-content">
+<div class="tabbed-block">
+<p>OpenDKIM is currently <a href="../../environment/#enable_opendkim">enabled by default</a>.</p>
+<p>The command <code>docker exec &lt;CONTAINER NAME&gt; setup config dkim help</code> details supported config options, along with some examples.</p>
+<div class="admonition example">
+<p class="admonition-title">Create a DKIM key</p>
+<p>Generate the DKIM files with:</p>
+<div class="highlight"><pre><span></span><code>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-ti<span class="w"> </span>&lt;CONTAINER<span class="w"> </span>NAME&gt;<span class="w"> </span>setup<span class="w"> </span>config<span class="w"> </span>dkim
+</code></pre></div>
+<p>Your new DKIM key(s) and OpenDKIM config files have been added to <code>/tmp/docker-mailserver/opendkim/</code>.</p>
+</div>
+<details class="note">
+<summary>LDAP accounts need to specify domains explicitly</summary>
+<p>The command is unable to infer the domains from LDAP user accounts, you must specify them:</p>
+<div class="highlight"><pre><span></span><code>setup<span class="w"> </span>config<span class="w"> </span>dkim<span class="w"> </span>domain<span class="w"> </span><span class="s1">&#39;example.com,example.io&#39;</span>
+</code></pre></div>
+</details>
+<details class="tip">
+<summary>Changing the key size</summary>
+<p>The private key presently defaults to RSA-4096. To create an RSA 2048-bit key run:</p>
+<div class="highlight"><pre><span></span><code>setup<span class="w"> </span>config<span class="w"> </span>dkim<span class="w"> </span>keysize<span class="w"> </span><span class="m">2048</span>
+</code></pre></div>
+</details>
+</div>
+<div class="tabbed-block">
+<p>Opt-in via <a href="../../environment/#enable_rspamd"><code>ENABLE_RSPAMD=1</code></a> (<em>and disable the default OpenDKIM: <code>ENABLE_OPENDKIM=0</code></em>).</p>
+<p>Rspamd provides DKIM support through two separate modules:</p>
+<ol>
+<li><a href="https://www.rspamd.com/doc/modules/dkim.html">Verifying DKIM signatures from inbound mail</a> is enabled by default.</li>
+<li><a href="https://www.rspamd.com/doc/modules/dkim_signing.html">Signing outbound mail with your DKIM key</a> needs additional setup (key + dns + config).</li>
+</ol>
+<div class="admonition example">
+<p class="admonition-title">Create a DKIM key</p>
+<p>Presently only OpenDKIM is supported with <code>setup config dkim</code>. To generate your DKIM key and DNS files you'll need to specify:</p>
+<ul>
+<li><code>-s</code> The DKIM selector (<em>eg: <code>mail</code>, it can be anything you like</em>)</li>
+<li><code>-d</code> The sender address domain (<em>everything after <code>@</code> from the email address</em>)</li>
+</ul>
+<p>See <code>rspamadm dkim_keygen -h</code> for an overview of the supported options.</p>
+<hr />
+<ol>
+<li>Go inside the container with <code>docker exec -ti &lt;CONTAINER NAME&gt; bash</code></li>
+<li>Add <code>rspamd/dkim/</code> folder to your config volume and switch to it: <code>cd /tmp/docker-mailserver/rspamd/dkim</code></li>
+<li>Run: <code>rspamadm dkim_keygen -s mail -b 2048 -d example.com -k mail.private &gt; mail.txt</code> (<em>change <code>-d</code> to your domain-part</em>)</li>
+<li>Presently you must ensure Rspamd can read the <code>&lt;selector&gt;.private</code> file, run:
+     -<code>chgrp _rspamd mail.private</code>
+     -<code>chmod g+r mail.private</code></li>
+</ol>
+</div>
+<hr />
+<div class="admonition bug inline end">
+<p class="admonition-title">DMS config volume support is not ready for Rspamd</p>
+<p>Presently you'll need to <a href="../../security/rspamd/#manually">explicitly mount <code>rspamd/modules/override.d/</code></a> as an additional volume; do not use <a href="../../security/rspamd/#with-the-help-of-a-custom-file"><code>rspamd-modules.conf</code></a> for this purpose.</p>
+</div>
+<p>Create a configuration file for the DKIM signing module at <code>rspamd/modules/override.d/dkim_signing.conf</code> and populate it with config as shown in the example below:</p>
+<details class="example">
+<summary>DKIM Signing Module Configuration Examples</summary>
+<p>A simple configuration could look like this:</p>
+<div class="highlight"><pre><span></span><code><span class="c1"># documentation: https://rspamd.com/doc/modules/dkim_signing.html</span>
+
+<span class="na">enabled</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
+
+<span class="na">sign_authenticated</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
+<span class="na">sign_local</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
+
+<span class="na">use_domain</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;header&quot;</span><span class="c1">;</span>
+<span class="na">use_redis</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">false</span><span class="c1">; # don&#39;t change unless Redis also provides the DKIM keys</span>
+<span class="na">use_esld</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
+<span class="na">check_pubkey</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">; # you wan&#39;t to use this in the beginning</span>
+
+<span class="na">domain {</span>
+<span class="w">    </span><span class="na">example.com {</span>
+<span class="w">        </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/tmp/docker-mailserver/rspamd/dkim/mail.private&quot;</span><span class="c1">;</span>
+<span class="w">        </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;mail&quot;</span><span class="c1">;</span>
+<span class="w">    </span><span class="na">}</span>
+<span class="na">}</span>
+</code></pre></div>
+<p>As shown next, you can:</p>
+<ul>
+<li>You can add more domains into the <code>domain { ... }</code> section.</li>
+<li>A domain can also be configured with multiple selectors and keys within a <code>selectors [ ... ]</code> array.</li>
+</ul>
+<div class="highlight"><pre><span></span><code><span class="c1"># ...</span>
+
+<span class="na">domain {</span>
+<span class="w">    </span><span class="na">example.com {</span>
+<span class="w">        </span><span class="na">selectors [</span>
+<span class="w">            </span><span class="na">{</span>
+<span class="w">                </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/tmp/docker-mailserver/rspamd/dkim/example.com/rsa.private&quot;</span><span class="c1">;</span>
+<span class="w">                </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-rsa&quot;</span><span class="c1">;</span>
+<span class="w">            </span><span class="na">},</span>
+<span class="w">            </span><span class="na">{</span>
+<span class="w">                </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">/tmp/docker-mailserver/rspamd/example.com/ed25519.private&quot;</span><span class="c1">;</span>
+<span class="w">                </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-ed25519&quot;</span><span class="c1">;</span>
+<span class="w">            </span><span class="na">}</span>
+<span class="w">        </span><span class="na">]</span>
+<span class="w">    </span><span class="na">}</span>
+<span class="w">    </span><span class="na">example.org {</span>
+<span class="w">        </span><span class="na">selectors [</span>
+<span class="w">            </span><span class="na">{</span>
+<span class="w">                </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/tmp/docker-mailserver/rspamd/dkim/example.org/rsa.private&quot;</span><span class="c1">;</span>
+<span class="w">                </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-rsa&quot;</span><span class="c1">;</span>
+<span class="w">            </span><span class="na">},</span>
+<span class="w">            </span><span class="na">{</span>
+<span class="w">                </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/tmp/docker-mailserver/rspamd/dkim/example.org/ed25519.private&quot;</span><span class="c1">;</span>
+<span class="w">                </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-ed25519&quot;</span><span class="c1">;</span>
+<span class="w">            </span><span class="na">}</span>
+<span class="w">        </span><span class="na">]</span>
+<span class="w">    </span><span class="na">}</span>
+<span class="na">}</span>
+</code></pre></div>
+<div class="admonition warning">
+<p class="admonition-title">Support for DKIM keys using Ed25519</p>
+<p>This modern elliptic curve is supported by Rspamd, but support by third-parties for <a href="https://serverfault.com/questions/1023674/is-ed25519-well-supported-for-the-dkim-validation/1074545#1074545">verifying Ed25519 DKIM signatures is unreliable</a>.</p>
+<p>If you sign your mail with this key type, you should include RSA as a fallback, like shown in the above example.</p>
+</div>
+<div class="admonition tip">
+<p class="admonition-title">DKIM Signing config: <code>check_pubkey = true;</code></p>
+<p>This setting will have Rspamd query the DNS record for each DKIM selector, verifying each public key matches the private key configured.</p>
+<p>If there is a mismatch, a warning will be omitted to the Rspamd log (<code>/var/log/supervisor/rspamd.log</code>).</p>
+</div>
+</details>
+</div>
+</div>
+</div>
+<div class="admonition info">
+<p class="admonition-title">Restart required</p>
+<p>After restarting <code>docker-mailserver</code>, outgoing mail will now be signed with your new DKIM key(s) <img alt="🎉" class="twemoji" src="https://cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/1f389.svg" title=":tada:" /></p>
+<p>You'll need to repeat this process if you add any new domains.</p>
+</div>
+<div class="admonition warning">
+<p class="admonition-title">RSA Key Sizes &gt;= 4096 Bit</p>
+<p>Keys of 4096 bits could denied by some mail servers. According to <a href="https://tools.ietf.org/html/rfc6376">RFC 6376</a> keys are <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1854">preferably between 512 and 2048 bits</a>.</p>
+</div>
+<h3 id="dkim-dns"><a class="toclink" href="#dkim-dns">DNS Record</a></h3>
+<p>When mail signed with your DKIM key is sent from your mail server, the receiver needs to check a DNS <code>TXT</code> record to verify the DKIM signature is trustworthy.</p>
+<div class="admonition example">
+<p class="admonition-title">Configuring DNS - DKIM record</p>
+<p>When you generated your key in the previous step, the DNS data was saved into a file <code>&lt;selector&gt;.txt</code> (default: <code>mail.txt</code>). Use this content to update your <a href="https://www.vultr.com/docs/introduction-to-vultr-dns/">DNS via Web Interface</a> or directly edit your <a href="https://en.wikipedia.org/wiki/Zone_file">DNS Zone file</a>:</p>
+<div class="tabbed-set tabbed-alternate" data-tabs="2:2"><input checked="checked" id="__tabbed_2_1" name="__tabbed_2" type="radio" /><input id="__tabbed_2_2" name="__tabbed_2" type="radio" /><div class="tabbed-labels"><label for="__tabbed_2_1">Web Interface</label><label for="__tabbed_2_2">DNS Zone file</label></div>
+<div class="tabbed-content">
+<div class="tabbed-block">
+<p>Create a new record:</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Value</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Type</td>
+<td><code>TXT</code></td>
+</tr>
+<tr>
+<td>Name</td>
+<td><code>&lt;selector&gt;._domainkey</code> (<em>default: <code>mail._domainkey</code></em>)</td>
+</tr>
+<tr>
+<td>TTL</td>
+<td>Use the default (<em>otherwise <a href="https://www.digicert.com/faq/dns/what-is-ttl">3600 seconds is appropriate</a></em>)</td>
+</tr>
+<tr>
+<td>Data</td>
+<td>File content within <code>( ... )</code> (<em>formatted as advised below</em>)</td>
+</tr>
+</tbody>
+</table>
+</div>
+<div class="tabbed-block">
+<p><code>&lt;selector&gt;.txt</code> is already formatted as a snippet for adding to your <a href="https://en.wikipedia.org/wiki/Zone_file">DNS Zone file</a>.</p>
+<p>Just copy/paste the file contents into your existing DNS zone. The <code>TXT</code> value has been split into separate strings every 255 characters for compatibility.</p>
+</div>
+</div>
+</div>
+</div>
+<details class="info">
+<summary><code>&lt;selector&gt;.txt</code> - Formatting the <code>TXT</code> record value correctly</summary>
+<p>This file was generated for use within a <a href="https://en.wikipedia.org/wiki/Zone_file">DNS zone file</a>. DNS <code>TXT</code> records values that are longer than 255 characters need to be split into multiple parts. This is why the public key has multiple parts wrapped within double-quotes between <code>(</code> and <code>)</code>.</p>
+<p>A DNS web-interface may handle this internally instead, while <a href="https://serverfault.com/questions/763815/route-53-doesnt-allow-adding-dkim-keys-because-length-is-too-long">others may not, but expect the input as a single line</a>_). You'll need to manually format the value as described below.</p>
+<p>Your DNS record file (eg: <code>mail.txt</code>) should look similar to this:</p>
+<div class="highlight"><pre><span></span><code>mail._domainkey IN TXT ( &quot;v=DKIM1; k=rsa; &quot;
+&quot;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQMMqhb1S52Rg7VFS3EC6JQIMxNDdiBmOKZvY5fiVtD3Z+yd9ZV+V8e4IARVoMXWcJWSR6xkloitzfrRtJRwOYvmrcgugOalkmM0V4Gy/2aXeamuiBuUc4esDQEI3egmtAsHcVY1XCoYfs+9VqoHEq3vdr3UQ8zP/l+FP5UfcaJFCK/ZllqcO2P1GjIDVSHLdPpRHbMP/tU1a9mNZ&quot;
+&quot;5QMZBJ/JuJK/s+2bp8gpxKn8rh1akSQjlynlV9NI+7J3CC7CUf3bGvoXIrb37C/lpJehS39KNtcGdaRufKauSfqx/7SxA0zyZC+r13f7ASbMaQFzm+/RRusTqozY/p/MsWx8QIDAQAB&quot;
+) ;
+</code></pre></div>
+<p>Take the content between <code>( ... )</code>, and combine all the quote wrapped content and remove the double-quotes including the white-space between them. That is your <code>TXT</code> record value, the above example would become this:</p>
+<div class="highlight"><pre><span></span><code>v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQMMqhb1S52Rg7VFS3EC6JQIMxNDdiBmOKZvY5fiVtD3Z+yd9ZV+V8e4IARVoMXWcJWSR6xkloitzfrRtJRwOYvmrcgugOalkmM0V4Gy/2aXeamuiBuUc4esDQEI3egmtAsHcVY1XCoYfs+9VqoHEq3vdr3UQ8zP/l+FP5UfcaJFCK/ZllqcO2P1GjIDVSHLdPpRHbMP/tU1a9mNZ5QMZBJ/JuJK/s+2bp8gpxKn8rh1akSQjlynlV9NI+7J3CC7CUf3bGvoXIrb37C/lpJehS39KNtcGdaRufKauSfqx/7SxA0zyZC+r13f7ASbMaQFzm+/RRusTqozY/p/MsWx8QIDAQAB
+</code></pre></div>
+<p>To test that your new DKIM record is correct, query it with the <code>dig</code> command. The <code>TXT</code> value response should be a single line split into multiple parts wrapped in double-quotes:</p>
+<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig<span class="w"> </span>+short<span class="w"> </span>TXT<span class="w"> </span>dkim-rsa._domainkey.example.com
+<span class="go">&quot;v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQMMqhb1S52Rg7VFS3EC6JQIMxNDdiBmOKZvY5fiVtD3Z+yd9ZV+V8e4IARVoMXWcJWSR6xkloitzfrRtJRwOYvmrcgugOalkmM0V4Gy/2aXeamuiBuUc4esDQEI3egmtAsHcVY1XCoYfs+9VqoHEq3vdr3UQ8zP/l+FP5UfcaJFCK/ZllqcO2P1GjIDVSHLdPpRHbMP/tU1a9mNZ5QMZBJ/JuJK/s+2bp8gpxKn8rh1akSQjlynlV9NI+7J3CC7CUf3bGvoXIrb37C/lpJehS39&quot; &quot;KNtcGdaRufKauSfqx/7SxA0zyZC+r13f7ASbMaQFzm+/RRusTqozY/p/MsWx8QIDAQAB&quot;</span>
+</code></pre></div>
+</details>
+<h3 id="dkim-debug"><a class="toclink" href="#dkim-debug">Troubleshooting</a></h3>
+<p><a href="https://mxtoolbox.com/dkim.aspx">MxToolbox has a DKIM Verifier</a> that you can use to check your DKIM DNS record(s).</p>
+<p>When using Rspamd, we recommend you turn on <code>check_pubkey = true;</code> in <code>dkim_signing.conf</code>. Rspamd will then check whether your private key matches your public key, and you can check possible mismatches by looking at <code>/var/log/supervisor/rspamd.log</code>.</p>
+<h2 id="dmarc"><a class="toclink" href="#dmarc">DMARC</a></h2>
+<p>With DMS, DMARC is pre-configured out of the box. You may disable extra and excessive DMARC checks when using Rspamd via <code>ENABLE_OPENDMARC=0</code>.</p>
+<p>The only thing you need to do in order to enable DMARC on a "DNS-level" is to add new <code>TXT</code>. In contrast to <a href="#dkim">DKIM</a>, DMARC DNS entries do not require any keys, but merely setting the <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md#overview-of-dmarc-configuration-tags">configuration values</a>. You can either handcraft the entry by yourself or use one of available generators (like <a href="https://dmarcguide.globalcyberalliance.org">this one</a>).</p>
+<p>Typically something like this should be good to start with:</p>
+<div class="highlight"><pre><span></span><code>_dmarc.example.com. IN TXT &quot;v=DMARC1; p=none; sp=none; fo=0; adkim=4; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com&quot;
+</code></pre></div>
+<p>Or a bit more strict policies (<em>mind <code>p=quarantine</code> and <code>sp=quarantine</code></em>):</p>
+<div class="highlight"><pre><span></span><code>_dmarc.example.com. IN TXT &quot;v=DMARC1; p=quarantine; sp=quarantine; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com&quot;
+</code></pre></div>
+<p>The DMARC status may not be displayed instantly due to delays in DNS (caches). Dmarcian has <a href="https://dmarcian.com/dmarc-tools/">a few tools</a> you can use to verify your DNS records.</p>
+<h2 id="spf"><a class="toclink" href="#spf">SPF</a></h2>
+<div class="admonition quote">
+<p class="admonition-title">What is SPF</p>
+<p>Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators.</p>
+<p><a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework">Source</a></p>
 </div>
 <div class="admonition note">
-<p class="admonition-title">Note</p>
-<p>For a more technical review: <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/SPF-how-to.md">https://github.com/internetstandards/toolbox-wiki/blob/master/SPF-how-to.md</a></p>
+<p class="admonition-title">Disabling <code>policyd-spf</code>?</p>
+<p>As of now, <code>policyd-spf</code> cannot be disabled. This is WIP.</p>
 </div>
-<h2 id="add-a-spf-record"><a class="toclink" href="#add-a-spf-record">Add a SPF Record</a></h2>
+<h3 id="adding-an-spf-record"><a class="toclink" href="#adding-an-spf-record">Adding an SPF Record</a></h3>
 <p>To add a SPF record in your DNS, insert the following line in your DNS zone:</p>
-<div class="highlight"><pre><span></span><code>; MX record must be declared for SPF to work
-example.com. IN  MX 1 mail.example.com.
-
-; SPF record
-example.com. IN TXT &quot;v=spf1 mx ~all&quot;
+<div class="highlight"><pre><span></span><code>example.com. IN TXT &quot;v=spf1 mx ~all&quot;
 </code></pre></div>
-<p>This enables the <em>Softfail</em> mode for SPF. You could first add this SPF record with a very low TTL.</p>
-<p><em>SoftFail</em> is a good setting for getting started and testing, as it lets all email through, with spams tagged as such in the mailbox.</p>
+<p>This enables the <em>Softfail</em> mode for SPF. You could first add this SPF record with a very low TTL. <em>SoftFail</em> is a good setting for getting started and testing, as it lets all email through, with spams tagged as such in the mailbox.</p>
 <p>After verification, you <em>might</em> want to change your SPF record to <code>v=spf1 mx -all</code> so as to enforce the <em>HardFail</em> policy. See <a href="http://www.open-spf.org/SPF_Record_Syntax">http://www.open-spf.org/SPF_Record_Syntax</a> for more details about SPF policies.</p>
 <p>In any case, increment the SPF record's TTL to its final value.</p>
-<h2 id="backup-mx-secondary-mx"><a class="toclink" href="#backup-mx-secondary-mx">Backup MX, Secondary MX</a></h2>
+<h3 id="backup-mx-secondary-mx-for-policyd-spf"><a class="toclink" href="#backup-mx-secondary-mx-for-policyd-spf">Backup MX &amp; Secondary MX for <code>policyd-spf</code></a></h3>
 <p>For whitelisting an IP Address from the SPF test, you can create a config file (see <a href="https://www.linuxcertif.com/man/5/policyd-spf.conf"><code>policyd-spf.conf</code></a>) and mount that file into <code>/etc/postfix-policyd-spf-python/policyd-spf.conf</code>.</p>
-<p><strong>Example:</strong></p>
-<p>Create and edit a <code>policyd-spf.conf</code> file at <code>docker-data/dms/config/postfix-policyd-spf.conf</code>:</p>
+<p><strong>Example:</strong> Create and edit a <code>policyd-spf.conf</code> file at <code>docker-data/dms/config/postfix-policyd-spf.conf</code>:</p>
 <div class="highlight"><pre><span></span><code><span class="na">debugLevel</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">1</span>
 <span class="c1">#0(only errors)-4(complete data received)</span>

@ -1544,8 +1864,6 @@ example.com. IN TXT &quot;v=spf1 mx ~all&quot;



-  
-


                
--- a/edge/config/best-practices/dmarc/index.html
+++ b/edge/config/best-practices/dmarc/index.html
--- a/edge/config/debugging/index.html
+++ b/edge/config/debugging/index.html
@ -517,36 +517,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/environment/index.html
+++ b/edge/config/environment/index.html
@ -1492,36 +1492,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/pop3/index.html
+++ b/edge/config/pop3/index.html
@ -512,36 +512,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/security/fail2ban/index.html
+++ b/edge/config/security/fail2ban/index.html
@ -517,36 +517,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/security/mail_crypt/index.html
+++ b/edge/config/security/mail_crypt/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/security/rspamd/index.html
+++ b/edge/config/security/rspamd/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
@ -1795,7 +1767,7 @@
 <p>Note that when also <a href="#with-the-help-of-a-custom-file">using the <code>rspamd-commands</code> file</a>, files in <code>override.d</code> may be overwritten in case you adjust them manually and with the help of the file.</p>
 </div>
 <h3 id="with-the-help-of-a-custom-file"><a class="toclink" href="#with-the-help-of-a-custom-file">With the Help of a Custom File</a></h3>
-<p>DMS provides the ability to do simple adjustments to Rspamd modules with the help of a single file. Just place a file called <code>rspamd-modules.conf</code> into the directory <code>docker-data/dms/config/</code> (which translates to <code>/tmp/docker-mailserver/</code> in the container). If this file is present, DMS will evaluate it. The structure is <em>very</em> simple. Each line in the file looks like this:</p>
+<p>DMS provides the ability to do simple adjustments to Rspamd modules with the help of a single file. Just place a file called <code>rspamd-modules.conf</code> into the <a href="../../advanced/optional-config/">local config directory <code>docker-data/dms/config/</code></a>. If this file is present, DMS will evaluate it. The structure is <em>very</em> simple. Each line in the file looks like this:</p>
 <div class="highlight"><pre><span></span><code>COMMAND ARGUMENT1 ARGUMENT2 ARGUMENT3
 </code></pre></div>
 <p>where <code>COMMAND</code> can be:</p>
@ -1838,76 +1810,7 @@
 <li>But the chartable module gets on your nerves? Just disable it by adding another line: <code>disable-module chartable</code>.</li>
 </ol>
 <h3 id="dkim-signing"><a class="toclink" href="#dkim-signing">DKIM Signing</a></h3>
-<p>By default, DMS offers no option to generate and configure signing e-mails with DKIM. This is because the parsing would be difficult. But don't worry: the process is relatively straightforward nevertheless. The <a href="https://rspamd.com/doc/modules/dkim_signing.html">official Rspamd documentation for the DKIM signing module</a> is pretty good. Basically, you need to</p>
-<ol>
-<li><code>exec</code> into the container</li>
-<li>Run a command similar to <code>rspamadm dkim_keygen -s 'woosh' -b 2048 -d example.com -k example.private &gt; example.txt</code>, adjusted to your needs</li>
-<li>Make sure to then persists the files <code>example.private</code> and <code>example.txt</code> (created in step 2) in the container (for example with a Docker bind mount)</li>
-<li>Create a configuration for the DKIM signing module, i.e. a file called <code>dkim_signing.conf</code> that you mount to <code>/etc/rspamd/local.d/</code> or <code>/etc/rspamd/override.d/</code>. We provide example configurations down below. We recommend mounting this file into the container as well (as described <a href="#manually">here</a>); do not use <a href="#with-the-help-of-a-custom-file"><code>rspamd-modules.conf</code></a> for this purpose.</li>
-</ol>
-<details class="example">
-<summary>DKIM Signing Module Configuration Examples</summary>
-<p>A simple configuration could look like this:</p>
-<div class="highlight"><pre><span></span><code><span class="c1"># documentation: https://rspamd.com/doc/modules/dkim_signing.html</span>
-
-<span class="na">enabled</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-
-<span class="na">sign_authenticated</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-<span class="na">sign_local</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-
-<span class="na">use_domain</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;header&quot;</span><span class="c1">;</span>
-<span class="na">use_redis</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">false</span><span class="c1">; # don&#39;t change unless Redis also provides the DKIM keys</span>
-<span class="na">use_esld</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-<span class="na">check_pubkey</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-
-<span class="na">domain {</span>
-<span class="w">    </span><span class="na">example.com {</span>
-<span class="w">        </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/path/to/example.private&quot;</span><span class="c1">;</span>
-<span class="w">        </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;woosh&quot;</span><span class="c1">;</span>
-<span class="w">    </span><span class="na">}</span>
-<span class="na">}</span>
-</code></pre></div>
-<p>If you have multiple domains and you want to sign with the modern ED25519 elliptic curve but also with RSA (you will likely want to have RSA as a fallback!):</p>
-<div class="highlight"><pre><span></span><code><span class="c1"># documentation: https://rspamd.com/doc/modules/dkim_signing.html</span>
-
-<span class="na">enabled</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-
-<span class="na">sign_authenticated</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-<span class="na">sign_local</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-
-<span class="na">use_domain</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;header&quot;</span><span class="c1">;</span>
-<span class="na">use_redis</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">false</span><span class="c1">; # don&#39;t change unless Redis also provides the DKIM keys</span>
-<span class="na">use_esld</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-<span class="na">check_pubkey</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span><span class="c1">;</span>
-
-<span class="na">domain {</span>
-<span class="w">    </span><span class="na">example.com {</span>
-<span class="w">        </span><span class="na">selectors [</span>
-<span class="w">            </span><span class="na">{</span>
-<span class="w">                </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/path/to/com.example.rsa.private&quot;</span><span class="c1">;</span>
-<span class="w">                </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-rsa&quot;</span><span class="c1">;</span>
-<span class="w">            </span><span class="na">},</span>
-<span class="w">            </span><span class="na">{</span>
-<span class="w">              </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">/path/to/com.example.ed25519.private&quot;</span><span class="c1">;</span>
-<span class="w">              </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-ed25519&quot;</span><span class="c1">;</span>
-<span class="w">            </span><span class="na">}</span>
-<span class="w">      </span><span class="na">]</span>
-<span class="w">    </span><span class="na">}</span>
-<span class="w">    </span><span class="na">example.org {</span>
-<span class="w">        </span><span class="na">selectors [</span>
-<span class="w">            </span><span class="na">{</span>
-<span class="w">                </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/path/to/org.example.rsa.private&quot;</span><span class="c1">;</span>
-<span class="w">                </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-rsa&quot;</span><span class="c1">;</span>
-<span class="w">            </span><span class="na">},</span>
-<span class="w">            </span><span class="na">{</span>
-<span class="w">              </span><span class="na">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;/path/to/org.example.ed25519.private&quot;</span><span class="c1">;</span>
-<span class="w">              </span><span class="na">selector</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;dkim-ed25519&quot;</span><span class="c1">;</span>
-<span class="w">            </span><span class="na">}</span>
-<span class="w">        </span><span class="na">]</span>
-<span class="w">    </span><span class="na">}</span>
-<span class="na">}</span>
-</code></pre></div>
-</details>
+<p>There is a dedicated <a href="../../best-practices/dkim_dmarc_spf/#dkim">section for setting up DKIM with Rspamd in our documentation</a>.</p>
 <h3 id="abusix-integration"><a class="toclink" href="#abusix-integration"><em>Abusix</em> Integration</a></h3>
 <p>This subsection gives information about the integration of <a href="https://abusix.com/">Abusix</a>, "a set of blocklists that work as an additional email security layer for your existing mail environment". The setup is straight-forward and well documented:</p>
 <ol>
--- a/edge/config/security/ssl/index.html
+++ b/edge/config/security/ssl/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/security/understanding-the-ports/index.html
+++ b/edge/config/security/understanding-the-ports/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/setup.sh/index.html
+++ b/edge/config/setup.sh/index.html
@ -512,36 +512,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/config/user-management/index.html
+++ b/edge/config/user-management/index.html
@ -18,7 +18,7 @@
        <link rel="prev" href="../environment/">
      
      
-        <link rel="next" href="../best-practices/dkim/">
+        <link rel="next" href="../best-practices/dkim_dmarc_spf/">
      
      <link rel="icon" href="../../assets/logo/favicon-32x32.png">
      <meta name="generator" content="mkdocs-1.4.2, mkdocs-material-9.1.5">
@ -630,36 +630,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/contributing/general/index.html
+++ b/edge/contributing/general/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/contributing/issues-and-pull-requests/index.html
+++ b/edge/contributing/issues-and-pull-requests/index.html
@ -513,36 +513,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/contributing/tests/index.html
+++ b/edge/contributing/tests/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/examples/tutorials/basic-installation/index.html
+++ b/edge/examples/tutorials/basic-installation/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
@ -1645,7 +1617,7 @@ ufw<span class="w"> </span>allow<span class="w"> </span><span class="m">465</spa
 </details>
 </li>
 <li>
-<p>Configure your DNS service to use an MX record for the <em>hostname</em> (eg: <code>mail</code>) you configured in the previous step and add the <a href="../../../config/best-practices/spf/">SPF</a> TXT record.</p>
+<p>Configure your DNS service to use an MX record for the <em>hostname</em> (eg: <code>mail</code>) you configured in the previous step and add the <a href="../../../config/best-practices/dkim_dmarc_spf/#spf">SPF</a> TXT record.</p>
 <div class="admonition tip">
 <p class="admonition-title">If you manually manage the DNS zone file for the domain</p>
 <p>It would look something like this:</p>
@ -1663,7 +1635,7 @@ mail  IN  A      10.11.12.13
 </div>
 </li>
 <li>
-<p><a href="../../../config/best-practices/dkim/">Generate DKIM keys</a> for your domain via <code>setup config dkim</code>.</p>
+<p><a href="../../../config/best-practices/dkim_dmarc_spf/#dkim">Generate DKIM keys</a> for your domain via <code>setup config dkim</code>.</p>
 <p>Copy the content of the file <code>docker-data/dms/config/opendkim/keys/example.com/mail.txt</code> and add it to your DNS records as a TXT like SPF was handled above.</p>
 <p>I use <a href="https://github.com/docker-scripts/bind9">bind9</a> for managing my domains, so I just paste it on <code>example.com.db</code>:</p>
 <div class="highlight"><pre><span></span><code>mail._domainkey IN      TXT     ( &quot;v=DKIM1; h=sha256; k=rsa; &quot;
--- a/edge/examples/tutorials/blog-posts/index.html
+++ b/edge/examples/tutorials/blog-posts/index.html
@ -510,36 +510,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/examples/tutorials/docker-build/index.html
+++ b/edge/examples/tutorials/docker-build/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/examples/tutorials/mailserver-behind-proxy/index.html
+++ b/edge/examples/tutorials/mailserver-behind-proxy/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/examples/use-cases/forward-only-mailserver-with-ldap-authentication/index.html
+++ b/edge/examples/use-cases/forward-only-mailserver-with-ldap-authentication/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/examples/use-cases/imap-folders/index.html
+++ b/edge/examples/use-cases/imap-folders/index.html
@ -517,36 +517,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../../../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/faq/index.html
+++ b/edge/faq/index.html
@ -515,36 +515,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/index.html
+++ b/edge/index.html
@ -595,36 +595,8 @@
  
  
    <li class="md-nav__item">
-      <a href="config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/introduction/index.html
+++ b/edge/introduction/index.html
@ -638,36 +638,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
--- a/edge/search/search_index.json
+++ b/edge/search/search_index.json
--- a/edge/sitemap.xml
+++ b/edge/sitemap.xml
@ -126,17 +126,7 @@
         <changefreq>daily</changefreq>
    </url>
    <url>
-         <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/</loc>
-         <lastmod>2023-04-10</lastmod>
-         <changefreq>daily</changefreq>
-    </url>
-    <url>
-         <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dmarc/</loc>
-         <lastmod>2023-04-10</lastmod>
-         <changefreq>daily</changefreq>
-    </url>
-    <url>
-         <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/spf/</loc>
+         <loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim_dmarc_spf/</loc>
         <lastmod>2023-04-10</lastmod>
         <changefreq>daily</changefreq>
    </url>
--- a/edge/usage/index.html
+++ b/edge/usage/index.html
@ -534,15 +534,8 @@
 </li>
        
          <li class="md-nav__item">
-  <a href="#dkim-keys" class="md-nav__link">
-    DKIM Keys
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#advanced-dns-setup" class="md-nav__link">
-    Advanced DNS Setup
+  <a href="#advanced-dns-setup-dkim-dmarc-spf" class="md-nav__link">
+    Advanced DNS Setup - DKIM, DMARC &amp; SPF
  </a>
  
 </li>
@ -668,36 +661,8 @@
  
  
    <li class="md-nav__item">
-      <a href="../config/best-practices/dkim/" class="md-nav__link">
-        DKIM
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../config/best-practices/dmarc/" class="md-nav__link">
-        DMARC
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../config/best-practices/spf/" class="md-nav__link">
-        SPF
+      <a href="../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">
+        DKIM, DMARC & SPF
      </a>
    </li>
  
@ -1665,15 +1630,8 @@
 </li>
        
          <li class="md-nav__item">
-  <a href="#dkim-keys" class="md-nav__link">
-    DKIM Keys
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#advanced-dns-setup" class="md-nav__link">
-    Advanced DNS Setup
+  <a href="#advanced-dns-setup-dkim-dmarc-spf" class="md-nav__link">
+    Advanced DNS Setup - DKIM, DMARC &amp; SPF
  </a>
  
 </li>
@ -1842,29 +1800,8 @@ wget<span class="w"> </span><span class="s2">&quot;</span><span class="si">${</s
 <p>You should add at least one <a href="../config/user-management/#aliases">alias</a>, the <a href="../config/environment/#postmaster_address"><em>postmaster alias</em></a>. This is a common convention, but not strictly required.</p>
 <div class="highlight"><pre><span></span><code>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-ti<span class="w"> </span>&lt;CONTAINER<span class="w"> </span>NAME&gt;<span class="w"> </span>setup<span class="w"> </span><span class="nb">alias</span><span class="w"> </span>add<span class="w"> </span>postmaster@example.com<span class="w"> </span>user@example.com
 </code></pre></div>
-<h3 id="dkim-keys"><a class="toclink" href="#dkim-keys">DKIM Keys</a></h3>
-<p>You can (<em>and you should</em>) generate DKIM keys. For more information:</p>
-<ul>
-<li>DKIM <a href="../config/best-practices/dkim/#enabling-dkim-signature">with OpenDKIM</a> (<em>enabled by default</em>)</li>
-<li>DKIM <a href="../config/security/rspamd/#dkim-signing">with Rspamd</a> (<em>when using <code>ENABLE_RSPAMD=1</code></em>)</li>
-</ul>
-<p>When keys are generated, you can configure your DNS server by just pasting the content of <code>config/opendkim/keys/domain.tld/mail.txt</code> to <a href="https://mxtoolbox.com/dmarc/dkim/setup/how-to-setup-dkim">set up DKIM</a>. See the <a href="../config/best-practices/dkim/#configuration-using-a-web-interface">documentation</a> for more details.</p>
-<div class="admonition note">
-<p class="admonition-title">Note</p>
-<p>In case you're using LDAP, the setup looks a bit different as you do not add user accounts directly. Postfix doesn't know your domain(s) and you need to provide it when configuring DKIM:</p>
-<div class="highlight"><pre><span></span><code>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-ti<span class="w"> </span>&lt;CONTAINER<span class="w"> </span>NAME&gt;<span class="w"> </span>setup<span class="w"> </span>config<span class="w"> </span>dkim<span class="w"> </span>domain<span class="w"> </span><span class="s1">&#39;&lt;domain.tld&gt;[,&lt;domain2.tld&gt;]&#39;</span>
-</code></pre></div>
-</div>
-<h3 id="advanced-dns-setup"><a class="toclink" href="#advanced-dns-setup">Advanced DNS Setup</a></h3>
-<p>You will very likely want to configure your DNS with these TXT records: <a href="https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/">SPF, DKIM, and DMARC</a>.</p>
-<p>The following illustrates what a (rather strict) set of records could look like:</p>
-<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig<span class="w"> </span>@1.1.1.1<span class="w"> </span>+short<span class="w"> </span>TXT<span class="w"> </span>example.com
-<span class="go">&quot;v=spf1 mx -all&quot;</span>
-<span class="gp">$ </span>dig<span class="w"> </span>@1.1.1.1<span class="w"> </span>+short<span class="w"> </span>TXT<span class="w"> </span>dkim-rsa._domainkey.example.com
-<span class="go">&quot;v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQ...&quot;</span>
-<span class="gp">$ </span>dig<span class="w"> </span>@1.1.1.1<span class="w"> </span>+short<span class="w"> </span>TXT<span class="w"> </span>_dmarc.example.com
-<span class="go">&quot;v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; fo=1&quot;</span>
-</code></pre></div>
+<h3 id="advanced-dns-setup-dkim-dmarc-spf"><a class="toclink" href="#advanced-dns-setup-dkim-dmarc-spf">Advanced DNS Setup - DKIM, DMARC &amp; SPF</a></h3>
+<p>You will very likely want to configure your DNS with these TXT records: <a href="https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/">SPF, DKIM, and DMARC</a>. We also ship a <a href="../config/best-practices/dkim_dmarc_spf/">dedicated page in our documentation</a> about the setup of DKIM, DMARC &amp; SPF.</p>
 <h3 id="custom-user-changes-patches"><a class="toclink" href="#custom-user-changes-patches">Custom User Changes &amp; Patches</a></h3>
 <p>If you'd like to change, patch or alter files or behavior of <code>docker-mailserver</code>, you can use a script. See <a href="../faq/#how-to-adjust-settings-with-the-user-patchessh-script">this part of our documentation</a> for a detailed explanation.</p>
 <h2 id="testing"><a class="toclink" href="#testing">Testing</a></h2>