Sunday, December 20, 2015

Setting up DKIM signing for Postfix on Ubuntu

Reference sites
https://easyengine.io/tutorials/mail/dkim-postfix-ubuntu/
http://www.elandsys.com/resources/mail/dkim/opendkim.html

Install DKIM

apt-get install opendkim opendkim-tools

Edit Config files

DKIM config

Open the DKIM config file: vim /etc/opendkim.conf

Add the following lines towards the end. Make sure you replace example.com with your domain/subdomain.

Domain                  example.com
KeyFile                 /etc/postfix/dkim.key
Selector                mail
SOCKET                  inet:8891@localhost

Next, open the DKIM defaults file: vim /etc/default/opendkim

Change the default socket path by adding a line like the one below:

SOCKET="inet:8891@localhost"

Postfix file

Open the Postfix main config file: vim /etc/postfix/main.cf

Add the following lines towards the end.

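# DKIM
# accept: if the milter is unreachable, mail is still delivered (unsigned)
milter_default_action = accept
milter_protocol = 2
# smtpd_milters covers mail received over SMTP
smtpd_milters = inet:localhost:8891
# non_smtpd_milters covers locally submitted mail (e.g. the sendmail command)
non_smtpd_milters = inet:localhost:8891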

Generating a public and private key

DKIM requires a public and private key. The private key should be saved in a safe location on your server. The public key will be used in the DNS TXT record for DKIM.

Enter the following command to generate your private key (RFC 8301 sets 1024 bits as the minimum for DKIM signing keys and recommends at least 2048):
openssl genrsa -out rsa.private 1024

Enter the following command to generate your public key:
openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

Move your private key to the dkim directory and rename it to mail.key.pem using the following command:

mv rsa.private /var/db/dkim/mail.key.pem

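mail is the selector name in our example. The KeyFile setting in /etc/opendkim.conf must point to the file that holds the private key (the config above uses /etc/postfix/dkim.key), and that file should be readable only by the user opendkim runs as.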

DNS TXT record for DKIM

Create a DNS TXT record for selector._domainkey.example.com as follows:

mail._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MEwwPQRJKoZIhvcNADAQCQADOwAwOAIxANPpYHdE2tevfEpvL1Tk2dDYv0pF28/f5MxU83x/0bsn4R4p7waPaz1IbOGs/6bm5QIDAQAB"

The string after p= is the base64 encoding of your public key.

If the rsa.public file which was generated contains

-----BEGIN PUBLIC KEY-----
MEwwPQRJKoZIhvcNADAQCQADOwAwOAIxANPpYHdE2tevfEpvL1Tk2dDYv0pF28/f
5MxU83x/0bsn4R4p7waPaz1IbOGs/6bm5QIDAQAB
-----END PUBLIC KEY-----

the base64 encoding is everything between the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines. You should remove any spaces and newlines.
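
The extraction described above can be scripted. The following is an added example, not part of the original tutorial: it strips the PEM marker lines and whitespace, refuses a file that contains a private key, and splits values longer than one 255-byte TXT string (as a 2048-bit key produces). The function names dkim_pubkey_b64 and dkim_txt_record are made up for this example.

```shell
#!/bin/sh
# Added example: build the DKIM TXT record from a PEM public key file.

# dkim_pubkey_b64 FILE: print the key's base64 body as one line.
dkim_pubkey_b64() {
    # Drop the BEGIN/END marker lines, then delete spaces and newlines.
    grep -v '^-----' "$1" | tr -d ' \t\r\n'
}

# dkim_txt_record SELECTOR DOMAIN FILE: print a zone-file TXT record.
dkim_txt_record() {
    selector=$1; domain=$2; pem=$3
    # Never publish rsa.private by mistake: its body is base64 as well.
    if grep -q 'PRIVATE KEY' "$pem"; then
        echo "refusing: $pem contains a private key" >&2; return 1
    fi
    b64=$(dkim_pubkey_b64 "$pem")
    if [ -z "$b64" ]; then
        echo "no key data found in $pem" >&2; return 1
    fi
    # Reject stray characters that are not part of the base64 alphabet.
    case $b64 in
        *[!A-Za-z0-9+/=]*) echo "non-base64 data in $pem" >&2; return 1 ;;
    esac
    # One TXT character-string holds at most 255 bytes, so a long value
    # is cut into 250-byte quoted strings; verifiers join the strings
    # back together with no whitespace in between.
    strings=$(printf '%s\n' "v=DKIM1; k=rsa; p=$b64" |
        fold -w 250 | sed 's/.*/"&"/' | paste -s -d ' ' -)
    printf '%s._domainkey.%s. IN TXT %s\n' "$selector" "$domain" "$strings"
}

# Demo input: the sample rsa.public contents shown above.
demo_pem=$(mktemp)
cat > "$demo_pem" <<'EOF'
-----BEGIN PUBLIC KEY-----
MEwwPQRJKoZIhvcNADAQCQADOwAwOAIxANPpYHdE2tevfEpvL1Tk2dDYv0pF28/f
5MxU83x/0bsn4R4p7waPaz1IbOGs/6bm5QIDAQAB
-----END PUBLIC KEY-----
EOF
dkim_txt_record mail example.com "$demo_pem"
rm -f "$demo_pem"
```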
