sleed Posted May 8, 2014 Report Posted May 8, 2014 Ce Inseamna DKIM ? DomainKeys Identified MailDomainKeys Identified Mail (DKIM) is a method for associating a domain name with an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients. Responsibility is claimed by a signer—independently of the message's actual authors or recipients—by adding a DKIM-Signature: field to the message's header. The verifier recovers the signer's public key using the DNS, and then verifies that the signature matches the actual message's content.Bun . Acu sa trecem la instalare pe CentOS . Eu folosesc CentOS 6.5 ca exempluInstalam dkim : yum install opendkimGeneram key-urile pentru dkim :mkdir /etc/opendkim/keys/siteul-meu.com/usr/sbin/opendkim-genkey -D /etc/opendkim/keys/siteul-meu.com/ -d siteul-meu.com -s defaultchown -R opendkim:opendkim /etc/opendkim/keys/siteul-meu.commv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/siteul-menu/defaultDeschidem /etc/opendkim.conf si sa avem asa adaugat, ca in conf-ul meu : ###### Configuratii DKIM ######### Specifies the path to the process ID file.PidFile /var/run/opendkim/opendkim.pid# Selects operating modes. Valid modes are s (signer) and v (verifier). Default is v.Mode sv# Log activity to the system log.Syslog yes# Log additional entries indicating successful signing or verification of messages.SyslogSuccess yes# If logging is enabled, include detailed logging about why or why not a message was# signed or verified. This causes a large increase in the amount of log data generated# for each message, so it should be limited to debugging use only.#LogWhy yes# Attempt to become the specified user before starting operations.UserID opendkim:opendkim# Create a socket through which your MTA can communicate.Socket inet:8891@127.0.0.1# Required to use local socket with MTAs that access the socket as a non-# privileged user (e.g. Postfix)Umask 002# This specifies a file in which to store DKIM transaction statistics.#Statistics /var/spool/opendkim/stats.dat## SIGNING OPTIONS# Selects the canonicalization method(s) to be used when signing messages.Canonicalization relaxed/simple# Domain(s) whose mail should be signed by this filter. Mail from other domains will# be verified rather than being signed. Uncomment and use your domain name.# This parameter is not required if a SigningTable is in use.Domain siteul-meu.com# Defines the name of the selector to be used when signing messages.Selector default# Gives the location of a private key to be used for signing ALL messages.#KeyFile /etc/opendkim/keys/default.private# Gives the location of a file mapping key names to signing keys. In simple terms,# this tells OpenDKIM where to find your keys. If present, overrides any KeyFile# setting in the configuration file.KeyTable refile:/etc/opendkim/KeyTable# Defines a table used to select one or more signatures to apply to a message based# on the address found in the From: header field. In simple terms, this tells# OpenDKIM how to use your keys.SigningTable refile:/etc/opendkim/SigningTable# Identifies a set of "external" hosts that may send mail through the server as one# of the signing domains without credentials as such.ExternalIgnoreList refile:/etc/opendkim/TrustedHosts# Identifies a set internal hosts whose mail should be signed rather than verified.InternalHosts refile:/etc/opendkim/TrustedHostsApoi facem un fisier : nano /etc/opendkim/KeyTable In el adaugam : default._domainkey.siteul-meu.com siteul-meu.com:default:/etc/opendkim/keys/siteul-meu.com/defaultApoi in : /etc/opendkim/SigningTable adaugam *@siteul-meu.com default._domainkey.siteul-meu.comIn : /etc/opendkim/TrustedHosts sa avem : 127.0.0.1server.siteul-meu.comsiteul-meu.comApoi sa facem ca treaba sa functioneze adaugam in /etc/postfix/main.cf urmatoarele : smtpd_milters = inet:127.0.0.1:8891non_smtpd_milters = $smtpd_miltersmilter_default_action = acceptTrebuie sa adaugam in TXT in DNS pentru a face ca sa mearga configuratia. Cititi cum sa adaugati un TXT pentru DNS..Apoi rulam :service postfix restartchkconfig opendkim onApoi ca sa testam trimitem un email la : check-auth@verifier.port25.com si daca primim raspuns este totul OKEY.sau sa vedem , incercam cu dig : dig +short default._domainkey.siteul-meu.com TXTAvem si log-ul sa ne uitam : tail -f /var/log/maillog -> asa ar trebui sa arate cand trimitem un email !!DKIM-Signature: v=1; a=rsa-sha256; d=SITEul-meu; s=dkim1; c=Relaxed/Simple; q=dns/txt; i=@siteul-meu; t=1270733902; x=1273325902; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Nota : FACETI-VA UN DNS SERVER PE STATIA DE LUCRU, CU API GEN CLOUDNS NU PREA MERGE .. !!!!Sursele sunt mai multe, am imbunatatit am luat si de aici : DKIM OFFICIAL + am adaugat si eu cateceva! Success cu Spam-ul ":))))))) 1 Quote
babyface Posted May 22, 2014 Report Posted May 22, 2014 /etc/opendkim.conf-bash: /etc/opendkim.conf: Permission deniedimi da chestia asta...helppppppp Quote
sleed Posted May 22, 2014 Author Report Posted May 22, 2014 Ia incearca chown -R user:user /etc/opendkim.confchmod -R 0775 /etc/opendkim.conf Quote