sleed

[Tutorial] DKIM + SPF for a Mail Server

What does DKIM mean?

DomainKeys Identified Mail

DomainKeys Identified Mail (DKIM) is a method for associating a domain name with an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients. Responsibility is claimed by a signer—independently of the message's actual authors or recipients—by adding a DKIM-Signature: field to the message's header. The verifier recovers the signer's public key using the DNS, and then verifies that the signature matches the actual message's content.

Good. Now let's move on to the installation on CentOS. I am using CentOS 6.5 as the example.

We install opendkim:

yum install opendkim

We generate the keys for DKIM:

mkdir /etc/opendkim/keys/siteul-meu.com
/usr/sbin/opendkim-genkey -D /etc/opendkim/keys/siteul-meu.com/ -d siteul-meu.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/siteul-meu.com
# Rename the private key to the path that the KeyTable entry points to
mv /etc/opendkim/keys/siteul-meu.com/default.private /etc/opendkim/keys/siteul-meu.com/default

We open /etc/opendkim.conf and make sure it contains the following, as in my config:

###### DKIM configuration ########

# Specifies the path to the process ID file.
PidFile /var/run/opendkim/opendkim.pid

# Selects operating modes. Valid modes are s (signer) and v (verifier). Default is v.
Mode sv

# Log activity to the system log.
Syslog yes

# Log additional entries indicating successful signing or verification of messages.
SyslogSuccess yes

# If logging is enabled, include detailed logging about why or why not a message was
# signed or verified. This causes a large increase in the amount of log data generated
# for each message, so it should be limited to debugging use only.
#LogWhy yes

# Attempt to become the specified user before starting operations.
UserID opendkim:opendkim

# Create a socket through which your MTA can communicate.
Socket inet:8891@127.0.0.1

# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
Umask 002

# This specifies a file in which to store DKIM transaction statistics.
#Statistics /var/spool/opendkim/stats.dat

## SIGNING OPTIONS

# Selects the canonicalization method(s) to be used when signing messages.
Canonicalization relaxed/simple

# Domain(s) whose mail should be signed by this filter. Mail from other domains will
# be verified rather than being signed. Uncomment and use your domain name.
# This parameter is not required if a SigningTable is in use.
Domain siteul-meu.com

# Defines the name of the selector to be used when signing messages.
Selector default

# Gives the location of a private key to be used for signing ALL messages.
#KeyFile /etc/opendkim/keys/default.private

# Gives the location of a file mapping key names to signing keys. In simple terms,
# this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
# setting in the configuration file.
KeyTable refile:/etc/opendkim/KeyTable

# Defines a table used to select one or more signatures to apply to a message based
# on the address found in the From: header field. In simple terms, this tells
# OpenDKIM how to use your keys.
SigningTable refile:/etc/opendkim/SigningTable

# Identifies a set of "external" hosts that may send mail through the server as one
# of the signing domains without credentials as such.
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts

# Identifies a set of internal hosts whose mail should be signed rather than verified.
InternalHosts refile:/etc/opendkim/TrustedHosts

Then we create a file:

 nano /etc/opendkim/KeyTable 

In it we add:

default._domainkey.siteul-meu.com siteul-meu.com:default:/etc/opendkim/keys/siteul-meu.com/default

Then in:

/etc/opendkim/SigningTable

we add:

*@siteul-meu.com default._domainkey.siteul-meu.com

In:

/etc/opendkim/TrustedHosts

we should have:

127.0.0.1
server.siteul-meu.com
siteul-meu.com

Then, to make it all work, we add the following to /etc/postfix/main.cf:

smtpd_milters           = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

We need to add a TXT record in DNS for the configuration to work. Read up on how to add a TXT record in DNS.

Then we run:

service postfix restart
chkconfig opendkim on

Then, to test, we send an email to check-auth@verifier.port25.com, and if we get a reply everything is OK. :)

Or, to check, we try with dig:

dig +short default._domainkey.siteul-meu.com TXT

We also have the log to look at:

tail -f /var/log/maillog
-> this is how it should look when we send an email!

DKIM-Signature: v=1; a=rsa-sha256; d=SITEul-meu; s=dkim1; c=Relaxed/Simple;

q=dns/txt; i=@siteul-meu; t=1270733902; x=1273325902;

h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-

Note: SET UP A DNS SERVER ON YOUR WORKSTATION; WITH AN API LIKE CLOUDNS IT DOESN'T REALLY WORK!

There are several sources; I improved on them and also took from here: DKIM OFFICIAL, plus I added a few things of my own! Good luck with the spam :)))))))

  • Upvote 1
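
An added example, not part of the original post: a Python check that works out, from the KeyTable and SigningTable lines shown in the post, which DNS name must carry the TXT record for a given sender, and flags a TXT value (in the quoted-chunk form dig prints) that cannot work as a key record. The sender addresses, the TXT value and its p= placeholder are constructed for illustration.

```python
import base64
import re

# Constructed sample data: the KeyTable and SigningTable lines from the post.
KEYTABLE = ("default._domainkey.siteul-meu.com "
            "siteul-meu.com:default:/etc/opendkim/keys/siteul-meu.com/default\n")
SIGNINGTABLE = "*@siteul-meu.com default._domainkey.siteul-meu.com\n"
# Constructed TXT value in quoted chunks; p= is a placeholder, not a real key.
SAMPLE_TXT = '"v=DKIM1; k=rsa; " "p=cGxhY2Vob2xkZXIta2V5"'

def parse_tags(value):
    """Parse a DKIM tag=value list (DKIM-Signature header or TXT record)."""
    value = re.sub(r'"\s*"', "", value).strip().strip('"')  # join TXT chunks
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def lookup_name(tags):
    """DNS name a verifier queries for a signature with these s= and d= tags."""
    return "{}._domainkey.{}".format(tags["s"], tags["d"]).lower()

def signing_key_for(sender, signingtable, keytable):
    """Resolve a sender to (DNS name of the TXT record, private key path)."""
    keys = {}
    for line in filter(str.strip, keytable.splitlines()):
        name, spec = line.split(None, 1)
        keys[name] = spec.strip().split(":", 2)  # domain, selector, key path
    for line in filter(str.strip, signingtable.splitlines()):
        pattern, keyname = line.split()
        # refile tables treat "*" as a wildcard; translate it to a regex.
        regex = ".*".join(re.escape(p) for p in pattern.split("*"))
        if re.fullmatch(regex, sender, re.IGNORECASE):
            domain, selector, path = keys[keyname]  # KeyError: unknown key name
            return lookup_name({"s": selector, "d": domain}), path
    return None

def txt_problems(txt):
    """List reasons a TXT value would not work as a DKIM key record."""
    tags, problems = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    try:
        if not base64.b64decode(tags.get("p", ""), validate=True):
            problems.append("p= is empty or missing")
    except ValueError:
        problems.append("p= is not valid base64")
    return problems
```

The name returned by signing_key_for() is the one to pass to dig +short ... TXT, and it must equal the s= and d= pair in the DKIM-Signature header of a message the server actually sent.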
