Hi Chris,

Typically, SPF, DKIM, and DMARC won't be set up from the command line. They
might, but they might not—it depends on your DNS host and its supported
management tools. The instructions I have relied on direct administrators
to web interfaces.

With respect to DKIM, I expect the process to be handled by the email
provider and not by the client itself, e.g. the Koha server. That's how the
mail systems I manage work. The client authenticates itself to the
authorized email service, the service signs the message with the private
key, and then it sends it on to the recipients. The receiving email service
uses the public key configured in DNS to verify the authenticity of the
sending server. In such a case, a Koha server using SMTP would not have to
do anything extra.

If you are planning to run the libraries' email service entirely on your
own, then you definitely have more research to do. If there are
administrators out here who have experience doing that, perhaps they will
offer to guide you through the process. You will definitely be taking on a
lot more work and significantly more risk, since every public-facing
component will be vulnerable to attack. In my opinion, it's better to let
an external provider handle a service that can be attacked or abused in so
many ways—my time is better spent doing other things.

Regards,

David Liddle
Koha System Administrator & Email Administrator
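
Added example, not part of David's message and not Koha or provider code: a stdlib-only Python lint for the three DNS TXT records discussed in this thread (SPF, the DKIM public-key record, DMARC). All domains and the key fragment are constructed placeholders, and the checks cover only a few common publishing mistakes.

```python
import re

# SPF terms that each trigger a DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP = re.compile(r"[+\-~?]?(include:|exists:|redirect=|(a|mx|ptr)\b)", re.I)

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT string (DKIM, DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint_spf(txt_records):
    """txt_records: every TXT string published at the sending domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    findings = []
    if sum(1 for t in terms if LOOKUP.match(t)) > 10:
        findings.append("more than 10 DNS-lookup terms (RFC 7208 limit)")
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms and not any(t.startswith("redirect=") for t in terms):
        findings.append("no terminating 'all' mechanism")
    elif all_terms and all_terms[0] in ("all", "+all"):
        findings.append("'+all' lets any host pass SPF")
    return findings

def lint_dkim(record):
    """record: TXT value at <selector>._domainkey.<domain>."""
    tags, findings = parse_tags(record), []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1 when present")
    if not tags.get("p"):
        findings.append("empty or missing p=: no usable public key (revoked)")
    return findings

def lint_dmarc(record):
    """record: TXT value at _dmarc.<domain>."""
    tags, findings = parse_tags(record), []
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", record):
        findings.append("record must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports arrive")
    return findings

# Constructed sample records for a placeholder domain (library.example).
GOOD_SPF = ["site-verification=constructed", "v=spf1 include:_spf.provider.example ~all"]
GOOD_DKIM = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQ"  # constructed key fragment
GOOD_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc@library.example"
```
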


On Wed, Dec 31, 2025 at 11:34 AM Chris Brown <[email protected]> wrote:

> Hi David,
>
> Many thanks for your advice. I have already spent some time identifying
> the Koha patron records with bad email addresses and have sent them out to
> the individual libraries to ask if they can correct them. It remains to be
> seen how successful this will be. I've also turned email off for all the
> instances for now.
>
> You ask: "Are there particular reasons for choosing the configuration of
> Postfix over Koha's built-in SMTP server settings?"
>
> The reason is purely historical. When we originally set up Koha email, it
> didn't have a built-in SMTP server, and when we updated Koha, we didn't
> bother changing it.
>
> I have been reading up on how to set up SPF, DKIM and DMARC and plan to
> have a go. (I used to teach Linux professionally so I'm comfortable working
> at a Linux command prompt ... it's just getting a little rusty these days.)
>
> Am I right in saying that Koha's built-in SMTP server won't handle DKIM?
>
> Thanks again, and Best Regards,
>
> Chris Brown
>
>
> On Tue, Dec 30, 2025 at 4:54 PM David Liddle <[email protected]> wrote:
>
>> Hi Chris,
>>
>> Regardless of what email provider you use, having a lot of email bounces
>> is likely to affect the reputation of your sending domain. Even if you own
>> the email domain, recipients' domains may mark your messages as spam or
>> quarantine them on the basis of that reputation. You will need to improve
>> the quality of your data. Depending on the proportion of addresses that are
>> incorrect, you might consider turning off email notifications until you can
>> correct the data.
>>
>> Are there particular reasons for choosing the configuration of Postfix
>> over Koha's built-in SMTP server settings? There is additional
>> administrative overhead to setting up Postfix—and those settings will not
>> be included in Koha's regular backup routine. The SMTP server settings, on
>> the other hand, are backed up with the rest of the database.
>>
>> SPF, DKIM, and DMARC will not be configured in Koha, but rather at your
>> DNS host, which may or may not be your domain host. Your DNS/domain host
>> may have published guides for setting up these functions, so it should be
>> your first point of reference. If you're not sure where you need to start,
>> I encourage you to share more details about your environment—without
>> exposing operational details that could be exploited.
>>
>> Regards,
>>
>> David Liddle
>> Koha System Administrator & Email Administrator
>>
>> Seminar für Sprache und Kultur, https://spracheundkultur.org
>>
>>
>> On Tue, Dec 30, 2025 at 3:51 PM Chris Brown <[email protected]>
>> wrote:
>>
>>> Hello,
>>>
>>> First, best wishes to all for the new year.
>>>
>>> I manage a Koha system that supports 7 volunteer-run libraries in
>>> Sheffield, UK. Since 2018 we have used Gmail as a relay for sending overdue
>>> notifications etc. Recently, Google informed me that they have disabled the
>>> service due to violation of their terms of service. We are not sure exactly
>>> what they are unhappy about but we suspect it might be due to a high
>>> proportion of bounced messages. (We have rather too many incorrect email
>>> addresses in Koha.)
>>>
>>> I would be interested to hear from anyone who has had a similar problem,
>>> and has found a solution. In particular, I would like some guidance on
>>> setting up Postfix to send out email directly (without using Gmail as a
>>> relay), and setting up SPF, DKIM and DMARC. In case it is relevant, we are
>>> using Koha 22.11.
>>>
>>> Thanks and Best Regards,
>>>
>>> Chris Brown
>>> _______________________________________________
>>>
>>> Koha mailing list  http://koha-community.org
>>> [email protected]
>>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>>>
>>