» »

Postavitev DKIM (Debian, Postfix, Bind)

Postavitev DKIM (Debian, Postfix, Bind)

HotBurek ::

Navodila za postavitev DKIM.

#0 Create user

useradd opendkim -m /home/opendkim
passwd opendkim
.
.
mkdir /home/opendkim
chown opendkim:opendkim /home/opendkim
...
nano /etc/passwd
opendkim:x:1234:1234:OpenDKIM user,,,:/home/opendkim:/bin/bash

#1 Install OpenDKIM

apt-get install opendkim
apt-get install opendkim-tools


#2 Enable autostart za OpenDKIM servis

systemctl enable opendkim


#3 Configure OpenDKIM

nano /etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/trustedhosts.conf
InternalHosts           refile:/etc/opendkim/trustedhosts.conf
KeyTable                refile:/etc/opendkim/keytable.conf
SigningTable            refile:/etc/opendkim/signingtable.conf

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@127.0.0.1

Selector                mail
Domain                  example.si


#4 Configure OpenDKIM defaults

nano /etc/default/opendkim

RUNDIR=/var/run/opendkim

SOCKET=inet:12301@127.0.0.1

USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=


#5 Configure Postfix main.cf

nano /etc/postfic/main.cf

milter_protocol = 2
milter_default_action = accept

smtpd_milters = inet:127.0.0.1:12301
non_smtpd_milters = inet:127.0.0.1:12301


#6 Configure iptables

-A INPUT -i lo -p tcp -m tcp --dport 12301 -j ACCEPT


#7 Create OpenDKIM refiles

nano /etc/opendkim/trustedhosts.conf

127.0.0.1
localhost

*.example.si


nano /etc/opendkim/signingtable.conf

*@example.si mail._domainkey.example.si


nano /etc/opendkim/keytable.conf

mail._domainkey.example.si example.si:mail:/etc/opendkim/keys/example.si/mail.private


#8 Create folders

mkdir /etc/opendkim/
mkdir /etc/opendkim/keys/
mkdir /etc/opendkim/keys/example.si/


#9 Create public/private key

cd /etc/opendkim/keys/example.si/

opendkim-genkey -s mail -d example.si

ls -l

mail.private
mail.txt


#10 Add DNS record

nano /etc/opendkim/keys/example.si/email.txt

Vsebina se skopira v /etc/bind/example.si.zone file:

mail._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
	  "p=ABC very long string that is too long fonr one line"
	  "DEF and the rest of long string" )  ; ----- DKIM key mail for example.si


+ Test dns zone file (komanda, domena, zone file)
named-checkzone example.si example.si.zone


#11 Services restart

service opendkim restart
service postfix restart
service bind9 restart

+ Če so kakšni errorji
tail -f /var/log/syslog

#12 Test DNS

dig mail._domainkey.example.si TXT @your.dns.server

Response:
;; ANSWER SECTION:
mail._domainkey.example.si. 60480	IN	TXT	"v=DKIM1; h=sha256; k=rsa; " "p=some long" "random string"


#13 Test via email

Pošlješ mail na heck-auth@verifier.port25.com, remply pa je med drugim DKIM check.
root@debian:/# iptraf-ng
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window

Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
!

[Vodič] Router v študentskem domu (Eduroam) (strani: 1 2 )

Oddelek: Omrežja in internet		7066517 (946) KajDelam?
»

Postavitev mySQL

Oddelek: Programiranje		92256 (1834) M01O
»

apache virtual host in name serverji

Oddelek: Izdelava spletišč		81067 (755) čuhalev
»

router priključen na router

Oddelek: Omrežja in internet		283787 (2357) janco
»

[Ubuntu server] mail poslan iz serverja zazna kot vsiljeno pošto (strani: 1 2 )

Oddelek: Omrežja in internet		799235 (8205) shorvat

Več podobnih tem