поддержка DKIM в Postfix

make install

dkimproxy_out_enable=”YES” -> rc.conf

root@mx1/usr/local/etc> cp dkimproxy_out.conf.example dkimproxy_out.conf

root@mx1/usr/local/etc> mkdir dkim-keys
root@mx1/usr/local/etc/dkim-keys> openssl genrsa -out privatedkim.key 1024
root@mx1/usr/local/etc/dkim-keys> openssl rsa -in privatedkim.key -pubout -out publicdkim.key

root@mx1/usr/local/etc> vim dkimproxy_out.conf

# specify what address/port DKIMproxy should listen on

# specify what address/port DKIMproxy forwards mail to

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain vs.kiev.ua

# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)

# specify location of the private key
keyfile /usr/local/etc/dkim-keys/private.key

# specify the selector (i.e. the name of the key record put in DNS)
selector selector1

# control how many processes DKIMproxy uses
# – more information on these options (and others) can be found by
# running `perldoc Net::Server::PreFork’.
#min_servers 5
#min_spare_servers 2

root@mx1/usr/local/etc> chown dkimproxy:dkimproxy dkim-keys/
root@mx1/usr/local/etc> cd dkim-keys/
root@mx1/usr/local/etc/dkim-keys> chown dkimproxy:dkimproxy *
root@mx1/usr/local/etc/dkim-keys> ls -l
total 32
-rw-r–r– 1 dkimproxy dkimproxy 891 5 апр 12:57 privatedkim.key
-rw-r–r– 1 dkimproxy dkimproxy 272 5 апр 12:58 publicdkim.key

root@mx1/usr/local/etc/dkim-keys> ln -sf privatedkim.key private.key
root@mx1/usr/local/etc/dkim-keys> ln -sf publicdkim.key public.key

root@mx1/usr/local/etc> cat /etc/namedb/master/vs.kiev.ua

vs.kiev.ua. IN TXT “v=spf1 +mx -all”
vs.kiev.ua. IN SPF “v=spf1 +mx -all”
_domainkey 3600 IN TXT “t=y; o=~;”
selector1._domainkey 3600 IN TXT “g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAUR6no9naRaTxiuvh0WV5a1XGQpZgjBuOntdbsoz0WiM5QU6nJDWlEfLrz3lqpPqd/3Tr23eQBUj7hvOQ+IOWOA605ISlc9ct3dF62wsX2fQ9+TMUWNB+ktDRkNNpRSIcZ/FBj4P/CpwScjka7O6Wjv2UnUaQMrZSIOygQzdLMwIDAQAB;”


root@mx1/usr/local/etc> vim /usr/local/etc/postfix/master.cf

# modify the default submission service to specify a content filter
# and restrict it to local clients and SASL authenticated clients only
submission inet n – n – – smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=yes
-o content_filter=dksign:[]:10027
-o receive_override_options=no_address_mappings
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

# specify the location of the DKIM signing proxy
# Note: we allow “4” simultaneous deliveries here; high-volume sites may
# want a number higher than 4.
# Note: the smtp_discard_ehlo_keywords option requires Postfix 2.2 or
# better. Leave it off if your version does not support it.
dksign unix – – n – 4 smtp
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime,starttls

# service for accepting messages FROM the DKIM signing proxy
# inet n – n – 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=
-o smtpd_authorized_xforward_hosts=


Не забываем открыть в fw 583 порт ! и поменять настройки mail.app что SMTP сервер слушает на 583 порту.




Запись опубликована в рубрике postfix, Фря с метками , . Добавьте в закладки постоянную ссылку.