Install OpenDKIM
$ sudo apt-get install opendkim opendkim-tools
Configure OpenDKIM
We edit /etc/opendkim.conf:
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
SignatureAlgorithm rsa-sha256
We edit /etc/default/opendkim:
RUNDIR=/var/spool/postfix/opendkim
SOCKET=/var/spool/postfix/opendkim/opendkim.sock
USER=opendkim
GROUP=postfix
PIDFILE=/var/spool/postfix/opendkim/opendkim.pid
EXTRAAFTER=
We edit /etc/postfix/main.cf:
milter_protocol = 6
milter_default_action = accept
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = local:/opendkim/opendkim.sock
We create the directories for the keys:
$ sudo mkdir -p /etc/opendkim/keys
We list the trusted hosts in /etc/opendkim/TrustedHosts:
127.0.0.1
localhost
A.B.C.D #public IP of the server
*.exemple.com
We create the key table in /etc/opendkim/KeyTable:
exemple.com exemple.com:201707:/etc/opendkim/keys/exemple.com/201707.private
Note that 201707 matches the year and month in which the key is generated.
We create the signing table in /etc/opendkim/SigningTable:
*@exemple.com exemple.com
Generate keys
$ cd /etc/opendkim/keys
$ sudo mkdir exemple.com
$ cd exemple.com
We generate the keys:
$ sudo opendkim-genkey -s 201707 -d exemple.com
$ sudo chown opendkim:opendkim 201707.private
We add the keys to the DNS
We check what needs to be added by displaying the file 201707.txt in the current directory:
201707._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTfyFhKjILD50P3ORwd1VExAe3eYJSv6+OBgKH9FFIpr9jQad4d923wpHXXPlxdOPlYePueVwq8HxnTxHPUpMuowxHJ+juimdOx3jteYkne4O9ezl2OIBVIIokpfDB6UQJ+/BTqg72PccPsGPkeEkYu3zwO/5MZUI8hM7gmCs6RurFxM6Pw4zacd6lE/9pbr66eG/ALs7yxdkM" "EYCIqxV5DZNq4BQiVEAo3sFKre3bMW92wTJzyUFOuNjUJZ3EwHZsQSAunH8RHhP9S42YJ6K6vdxqQpBXXJUGAuYUdAq7TBMtYzx5+ZAXvnHzH+2S251ewBHssdUGQ5hZdzyee3QwIDAQAB" ) ; ----- DKIM key 201707 for exemple.com
We are interested in the value between the parentheses. We take everything between the parentheses and then remove the quotation marks.
We add a TXT record to the DNS zone:
Name: 201707._domainkey
Value: v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTfyFhKjILD50P3ORwd1VExAe3eYJSv6+OBgKH9FFIpr9jQad4d923wpHXXPlxdOPlYePueVwq8HxnTxHPUpMuowxHJ+juimdOx3jteYkne4O9ezl2OIBVIIokpfDB6UQJ+/BTqg72PccPsGPkeEkYu3zwO/5MZUI8hM7gmCs6RurFxM6Pw4zacd6lE/9pbr66eG/ALs7yxdkMEYCIqxV5DZNq4BQiVEAo3sFKre3bMW92wTJzyUFOuNjUJZ3EwHZsQSAunH8RHhP9S42YJ6K6vdxqQpBXXJUGAuYUdAq7TBMtYzx5+ZAXvnHzH+2S251ewBHssdUGQ5hZdzyee3QwIDAQAB
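The manual step above (take what is between the parentheses, drop the quotation marks) is easy to get wrong by leaving a stray quote or space inside p=. The following helper is an added example, not part of the original guide: it does the join, checks the result, and also splits it into 255-byte strings for DNS panels that require that. The function names are hypothetical and the sample uses a short constructed placeholder instead of a real key.

```python
import base64
import re

# Constructed sample in the layout of a <selector>.txt file written by
# opendkim-genkey; the p= value is a short placeholder, not a real key.
SAMPLE = (
    '201707._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n'
    '\t  "p=QUJDREVGR0hJSktMTU5P"\n'
    '\t  "UFFSU1RVVldYWVo=" )  ; ----- DKIM key 201707 for exemple.com\n'
)

def txt_value(fragment):
    """Join the quoted strings between the parentheses into one TXT value."""
    inner = re.search(r"\((.*?)\)", fragment, re.S)
    parts = re.findall(r'"([^"]*)"', inner.group(1)) if inner else []
    if not parts:
        raise ValueError("no quoted TXT data between parentheses")
    return "".join(parts)

def parse_tags(value):
    """Split 'tag=value; tag=value' into a dict (p= may itself end in '=')."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.strip().partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def check_record(value):
    """Return the decoded public key bytes, or raise if the record is malformed."""
    tags = parse_tags(value)
    if tags.get("v") != "DKIM1":
        raise ValueError("v= tag must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("this guide generates RSA keys")
    if not tags.get("p"):
        raise ValueError("p= tag (public key) is missing or empty")
    # validate=True rejects stray characters left over from a bad copy/paste
    return base64.b64decode(tags["p"], validate=True)

def dns_chunks(value, size=255):
    """Split a value into character-strings of at most 255 bytes for DNS."""
    return [value[i:i + size] for i in range(0, len(value), size)]

if __name__ == "__main__":
    value = txt_value(SAMPLE)
    print(value)
    print(len(check_record(value)), "key bytes;", len(dns_chunks(value)), "TXT string(s)")
```

To use it on the real file, pass the contents of 201707.txt to txt_value() instead of SAMPLE.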
And that's it, done. To check that it works, we can send an e-mail to check-auth@verifier.port25.com.
Note: On Debian 9 the systemd service needs to be patched.