Category Archives: Howto Tutorials (EN)

Knowledge Network for Tutorials, Howto’s, Workaround, DevOps Code for Professionals

Change Interface Static IP Address on Debian

This tutorial walks through the interface configuration to change the static IP address in the command line on Debian 12. In easy-to-implement steps show how to change a static IP address in the terminal, especially on a Debian server there is commonly no graphical user interface available. The following content provided the required commands for reference.

Change Interface Static IP Address on Debian

/etc/network/interfaces

By default, Debian creates the interface configuration using Dynamic Host Control Protocol to dynamically assigns an IP during deployment, with information such as IP address, netmask and gateway as well as the DNS server being obtained from a DHCP server.

Change Interface Static IP Address on Debian

Follow these steps to set up and configure a static interface IP address.

  1. Log in to remote server using ssh command.
  2. Backup the interfaces file with cp /etc/network/interfaces /root/
  3. Edit the /etc/network/interfaces file.
$ vi /etc/network/interfaces

This the static interfaces configuration file on Debian.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens192
iface ens192 inet static
  address 203.0.113.3
  netmask 255.255.255.0
  gateway 203.0.113.1
  dns-nameservers 1.1.1.1 1.0.0.1

The settings above is an example. Replace the IP addresses with your actual addresses. Make sure do not change the loopback network interface.

Add Second IP Address on Debian

If a second IP address is required on the network interface, an additional address can be assigned as follows, add to the end of the file.

auto ens192:1
allow-hotplug ens192:1
iface ens192:1 inet static
  address 10.0.0.3/24

Restart Networking Service

Restart the networking service so that the updated configuration can be applied with run these command.

$ systemctl restart networking

Change Interface Static IP Address using ip

For example, given the IP addresses used in the previous sections, if we want to change the IP address (to 203.0.113.3/24), we would run the following command.

$ ip addr add 203.0.113.3/24 dev ens192

Note. This command does not permanently change the configuration.

Change Static IP Address using ifconfig

On modern distributions, the “ifconfig” command has been completely deprecated and it is now advised to use the “ip” command.

However, you should still be able to use the “ifconfig” to change the interface IP address. First you must perform the next command.

$ apt install net-tools -y

For example, if you want to change the IP address (to 203.0.113.3/24), you would run the following command using ifconfig.

$ ifconfig ens192 203.0.113.3 netmask 255.255.255.0 up

Your second interface IP address will be added as follows.

$ ifconfig ens192:0 10.0.0.3 netmask 255.255.255.0 up

View interface IP Addresses

Use the “ip a” or “ip link” command to list your network interfaces. Note replace the interface name you want to configure, e.g. eth0 or wlp2s0 or ens192 or whatever it’s called.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:ac:28:ac:76:d2 brd ff:ff:ff:ff:ff:ff
    inet 203.0.113.3/24 brd 203.0.113.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet 10.0.0.3/24 scope global ens192:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feac:76d2/64 scope link
       valid_lft forever preferred_lft forever

Conclusion

In this tutorial, we have learned how to configure a static interface IP address on Debian 12 “Bookworm” server. Your server is now configured to use static IP address. In a typical network, there are two ways to assign IP addresses. One is using DHCP and another is static IP assignment. DHCP or Dynamic Host Control Protocol dynamically assigns an IP address to an interface. It requires a DHCP server running in the network. In the static IP assignment, we manually assign the IP address, routing gateway, and DNS resolvers. Static IP assignment gives to more control on assigning an IP address and setting the DNS resolvers.

OpenDKIM Postfix Virtual Domain

Configuring OpenDKIM with Postfix using virtual domains can be confusing, especially for those unfamiliar with the topic. However, with the right approach, you can achieve this easily. This tutorial will walk you through the setup where OpenDKIM and Postfix is used for multiple email domains.

OpenDKIM Postfix Virtual Domain

The OpenDKIM package consists of a library that implements the DKIM service and a milter-based filtering application that integrates a milter for Postfix to provide this service to an MTA that serve multiple virtual domains for email services.

OpenDKIM hosts a data collection facility for Postfix sites and virtual domain that wish to volunteer their data. These data are used as feedback to the Internet Engineering Task Force to develop new reputation standards.

DKIM provides a method to validate an email message with the associated domain name identity through cryptographic authentication. This procedure helps combat email spoofing and thus increases email security. In the context of Postfix, the integration of OpenDKIM offers several key advantages:

  • Improved Email Deliverability: Emails signed with DKIM are less likely to be flagged as spam, ensuring your messages reach the intended recipients.
  • Enhanced Sender Reputation: It boosts your domain’s credibility and reputation by demonstrating that your emails are legitimate and tamper-proof.
  • Increased Trust: It verifies the sender’s identity, reassuring recipients that the emails they receive are authentic.

Step 1: Install OpenDKIM

Here we will deploy OpenDKIM in 5 steps on a Debian 12 server with Postfix already installed. I prefer to gain elevated privileges by running “su -” or “sudo su -“. Choose the preferred method, making sure that the following commands could be executed with sudo if necessary.

$ apt install opendkim -y

Step 2: Configure OpenDKIM

Open the OpenDKIM main configuration file in editor of your choice.

$ vi /etc/opendkim.conf

By default, OpenDKIM is set to verification mode (v), which verifies the DKIM signatures of receiving email messages. Changing the mode to “sv,” will let us activate the signing mode for outgoing emails.

Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes
Canonicalization        relaxed/simple
Mode                    sv
OversignHeaders         From
UserID                  opendkim:opendkim
UMask                   022
Socket                  inet:8899@localhost
PidFile                 /run/opendkim/opendkim.pid
TrustAnchorFile         /usr/share/dns/root.key
AutoRestart             Yes
AutoRestartRate         10/1h
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
TemporaryDirectory      /var/tmp

Uncomment the SigningTable and KeyTable option by removing the hash (#) and add the additional lines to /etc/opendkim.conf.

Save and close the OpenDKIM main configuration file.

Next make shure the SigningTable and KeyTable file and also the keys directory exists with the required rights under /etc/opendkim.

$ ls -Al /etc/opendkim
drwxr-x--- 17 opendkim opendkim 4096 Jan 30 keys
-rw-r-----  1 opendkim opendkim 1883 Jan 30 KeyTable
-rw-r-----  1 opendkim opendkim 1988 Jan 30 SigningTable
-rw-r-----  1 opendkim opendkim  460 Jan 30 TrustedHosts

The “/etc/opendkim/TrustedHosts” file contains the internal hosts and a list of addresses and/or hostnames they want to ignore from verification. The localhost IP (127.0.0.1) should always be the first entry in this file.

127.0.0.1
::1
*.example.tld

Step 3: Generate Private and Public Keys

Now let’s generate private and public keys. The command to generate a new key pair performs as follows.

$ opendkim-genkey -b 2048 -d example.tld -D /etc/opendkim/keys/example.tld -s mail -r -h sha256 -v

A key pair with a size of 2048 bits is generated, for the domain “example.tld” and saved in to “/etc/opendkim/keys/example.tld” file with the selector “mail” using for mail with the -r option, with -h tells sha256 hash algorithm, the -v option is for verbose outbut.

Generate new Key for Postfix virtual domain

Save the next lines to a file, for example as /usr/bin/adddkim.

#!/bin/bash
if [ $# -lt 2 ]; then
    echo "No argument supplied"
    echo "use: selector domain"
    exit 1
fi
mkdir /etc/opendkim/keys/$2
opendkim-genkey -D /etc/opendkim/keys/$2/ -d $2 -h sha256 -s $1 -r
chown -R opendkim:opendkim /etc/opendkim/keys/$2
chmod 640 /etc/opendkim/keys/$2/*
mv /etc/opendkim/keys/$2/$1.private /etc/opendkim/keys/$2/$1
echo "$1._domainkey.$2 $2:$1:/etc/opendkim/keys/$2/$1" >> /etc/opendkim/KeyTable
echo "*@$2 $1._domainkey.$2" >> /etc/opendkim/SigningTable
cat /etc/opendkim/keys/$2/$1.txt

Save and close the file and make this script executable.

$ chmod 755 /usr/bin/adddkim

Finish, now simply use the command to generate a new DKIM for each desired domain by running this command.

$ adddkim selector example.tld

The command generates a private and public key and adds the entries to the SigningTable and KeyTable file.

Note: “default” is the DKIM selector. A domain might have multiple DKIM Signatures. The DKIM selector allows you to choose a particular DKIM Key. You can use any name of your choice, but make sure you don’t have a DKIM Signature already implemented with the same selector name.

Step 4: Connect Postfix to OpenDKIM

Now that you’ve configured OpenDKIM, it’s time to implement Postfix DKIM. Let’s follow the Postfix OpenDKIM configuration process.

Edit Postfix main configuration file.

$ vi /etc/postfix/main.cf

Add the following lines to the end of the “main.cf” file.

smtpd_milters = inet:127.0.0.1:8899
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

Finally, now restart the services to apply changes.

$ systemctl restart opendkim
$ systemctl restart postfix

Step 5: Publish the Public DKIM to DNS

Implement the public DKIM to the corresponding DNS zone.

$ cat /etc/opendkim/keys/example.tld/mail.txt

The content of mail.txt is the public key that will add to the DNS zone.

mail._domainkey IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; s=email;"
    "p=MIIBIjHNBgkqhkiG9w0BAQEFAAOCAZ8AMGGBCgKCZQEB62eXljmnXSeW8V8pgCgeWuQp+IOmYrN6Y8+VFqglw8PHfgL9mhJeA+Kn83VeBfRjVHUt8z5NnTgcEhzb9GQ4lX0eAxQ7J2uwlmJdREh8WWM5QsDwP80L3tsCvyAsVqXZNzZOJ9odFccgvPAAClwBW6Z2ZZkQSzQkS2hw0ma+CVTAPRI6LqJ7GNGo79qSwRmssLZHf01+CBaIL"
    "LQaZKVVTF4CxKrJpnsypjnAexpg4Ti9bQYnENXNHfCaogTDD86SC3E7Zkdt2YYrB0CA4F5B+3nKq3w6ioooiwT2yznKPWE4oi0QXI7MOJJ53oJyVGtKtZcq4ZLfn4KW0z5gpHgDvIDAQAA" )  ; ----- DKIM key mail for example.tld

Important Notes: Name/Target: mail._domainkey, Make sure to remove any spaces or double-quotes if your DNS provider using UI managed zone editor like Cloudflare.

Publish the Public DKIM to DNS

Check OpenDKIM Record

You can test the DKIM TXT record with lookup using dig on linux.

$ dig TXT mail._domainkey.example.tld +short

Windows systems provide the command as follows.

$ nslookup -type=TXT mail._domainkey.example.tld

You can also try DKIM check by MxToolbox here. The DKIM Check tool will perform a DKIM record test against a domain name and selector for a valid published DKIM key record.

OpenDKIM help!

You can use the following commands for help!

$ man opendkim-genkey
and
$ opendkim-genkey --help
opendkim-genkey: usage: opendkim-genkey [options]
        --append-domain        include domain name in zone file stub
        --bits=n               use n bits to generate the key
        --directory=path       leave output in the named directory
        --domain=name          generate data for the named domain [localhost]
        --hash-algorithms=list limit to use of the named algorithm(s)
        --help                 print help and exit
        --note=string          include specified note in zone data
        --restrict             restrict key to email use only
        --selector=name        selector name [default]
        --subdomains           allow signing of subdomains
        --testmode             indicate key is in test mode
        --verbose              increased output
        --version              print version and exit

Source: