Differences
This page shows the differences between two versions.
centos:mail_c7:spam_9 [17.12.2014 15:30. ] – [Programmstart] django | centos:mail_c7:spam_9 [01.06.2017 14:17. ] – [Konfiguration] django | ||
---|---|---|---|
Zeile 350: | Zeile 350: | ||
Somit ergibt sich in unserem Anwendungsbeispiel, | Somit ergibt sich in unserem Anwendungsbeispiel, | ||
_adsp._domainkey.sec-mail.guru. | _adsp._domainkey.sec-mail.guru. | ||
- | Diesen Record veröffentlichen wir nun über unseren DNS. Somit kann ein Empfänger | + | Diesen Record veröffentlichen wir nun über unseren DNS. Somit kann ein Empfänger |
===== Tests ===== | ===== Tests ===== | ||
Zeile 739: | Zeile 739: | ||
<file bash / | <file bash / | ||
- | ## See opendkim.conf(5) or / | + | ## See opendkim.conf(5) or / |
## BEFORE running OpenDKIM you must: | ## BEFORE running OpenDKIM you must: | ||
Zeile 747: | Zeile 747: | ||
## - edit your DNS records to publish your public keys (if signing) | ## - edit your DNS records to publish your public keys (if signing) | ||
- | ## See / | + | ## See / |
## CONFIGURATION OPTIONS | ## CONFIGURATION OPTIONS | ||
Zeile 754: | Zeile 754: | ||
PidFile / | PidFile / | ||
- | # Selects operating modes. Valid modes are s (signer) and v (verifier). Default is v. | + | # Selects operating modes. Valid modes are s (sign) and v (verify). Default is v. |
+ | # Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing | ||
+ | # messages. | ||
Mode v | Mode v | ||
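Review bot: `Mode v` is unchanged on both sides even though the comment added directly above it says the mode must be `s` or `sv` before outgoing messages are signed. If this instance is meant to verify only, say so next to the setting; if it should sign mail from the hosts listed under InternalHosts, the value needs to become `sv`, otherwise readers who copy the file get a verifier that never signs.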
Zeile 772: | Zeile 774: | ||
# Create a socket through which your MTA can communicate. | # Create a socket through which your MTA can communicate. | ||
- | # Django: 2014-03-25 | + | Socket |
- | # default: | + | |
- | Socket | + | |
# Required to use local socket with MTAs that access the socket as a non- | # Required to use local socket with MTAs that access the socket as a non- | ||
Zeile 781: | Zeile 781: | ||
# This specifies a text file in which to store DKIM transaction statistics. | # This specifies a text file in which to store DKIM transaction statistics. | ||
+ | # OpenDKIM must be manually compiled with --enable-stats to enable this feature. | ||
# | # | ||
Zeile 786: | Zeile 787: | ||
# Selects the canonicalization method(s) to be used when signing messages. | # Selects the canonicalization method(s) to be used when signing messages. | ||
+ | # Django : 2014-12-17 | ||
+ | # default: Canonicalization | ||
Canonicalization | Canonicalization | ||
Zeile 794: | Zeile 797: | ||
# Defines the name of the selector to be used when signing messages. | # Defines the name of the selector to be used when signing messages. | ||
- | # | + | # Django : 2014-12-17 |
+ | # default: | ||
+ | # Selector | ||
- | # Gives the location of a private key to be used for signing ALL messages. | + | # Specifies the minimum number of key bits for acceptable keys and signatures. |
- | # | + | # Django : 2014-12-17 |
+ | # default: MinimumKeyBits 1024 | ||
+ | # MinimumKeyBits 1024 | ||
+ | |||
+ | # Gives the location of a private key to be used for signing ALL messages. | ||
+ | # directive is ignored if KeyTable is enabled. | ||
+ | # Django : 2014-12-17 | ||
+ | # default: KeyFile / | ||
+ | # | ||
# Gives the location of a file mapping key names to signing keys. In simple terms, | # Gives the location of a file mapping key names to signing keys. In simple terms, | ||
# this tells OpenDKIM where to find your keys. If present, overrides any KeyFile | # this tells OpenDKIM where to find your keys. If present, overrides any KeyFile | ||
- | # setting | + | # directive |
# | # | ||
# Defines a table used to select one or more signatures to apply to a message based | # Defines a table used to select one or more signatures to apply to a message based | ||
# on the address found in the From: header field. In simple terms, this tells | # on the address found in the From: header field. In simple terms, this tells | ||
- | # OpenDKIM how to use your keys. | + | # OpenDKIM how to use your keys. Requires KeyTable be enabled. |
- | # | + | # |
# Identifies a set of " | # Identifies a set of " | ||
# of the signing domains without credentials as such. | # of the signing domains without credentials as such. | ||
- | # | ||
- | # Django : 2014-03-25 | ||
# | # | ||
- | # Identifies a set internal hosts whose mail should be signed rather than verified. | + | # Identifies a set "internal" |
# | # | ||
- | # Django : 2014-05-11 | + | # Django : 2014-12-17 |
- | InternalHosts | + | # default: unset |
- | + | InternalHosts | |
- | # Django : 2014-02-29 | + | |
- | # Selects the action to be taken when an ADSP check against a message with no valid | + | |
- | # author signature results in the message being deemed suspicious and discardable. | + | |
- | # Possible values are " | + | |
- | # (bounce the message). If not set, discardable messages will still be delivered. | + | |
- | # | + | |
- | ADSPAction reject | + | |
</ | </ | ||
- | Unsere eigenen internen Hosts tragen wir in der Konfigurationsdatei // | + | Unsere eigenen internen Hosts tragen wir in der Konfigurationsdatei // |
- | # vim / | + | # vim / |
- | <file bash / | + | <file bash / |
+ | # To use this file, uncomment the # | ||
# option in / | # option in / | ||
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges). | # may be added on separate lines (IP addresses, hostnames, or CIDR ranges). | ||
- | # The localhost IP (127.0.0.1) should be the first entry in this file. | + | # The localhost IP (127.0.0.1) should |
127.0.0.1 | 127.0.0.1 | ||
- | #208.69.40.157 | + | #host.example.com |
- | # Django : internes Netz eingetragen | + | #192.168.1.0/ |
+ | |||
+ | # Django : 2014-12-17 - internes Netz eingetragen | ||
# default: unset | # default: unset | ||
10.0.0.0/24 | 10.0.0.0/24 | ||
- | </file | ||
- | |||
- | Möchten wir externe Hosts // | ||
- | # vim / | ||
- | |||
- | <file bash / | ||
- | # option in / | ||
- | # may be added on separate lines (IP addresses, hostnames, or CIDR ranges). | ||
- | # The localhost IP (127.0.0.1) should be the first entry in this file. | ||
- | #127.0.0.1 | ||
- | # | ||
</ | </ | ||
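Review bot: removing `ADSPAction reject` near the end of the opendkim.conf block leaves the page inconsistent, because the text at line 350 still publishes an `_adsp._domainkey.sec-mail.guru.` record and the test output added at line 970 reports `dkim-adsp=none`. Either drop the ADSP record section as well or add a sentence explaining why the record stays while the action is gone. Separately, the internal hosts entry `10.0.0.0/24` marks every address in that subnet as a host whose mail is "signed rather than verified"; listing only the machines that actually submit mail keeps that set as small as possible.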
Zeile 865: | Zeile 861: | ||
# Django : 2014-11-18 | # Django : 2014-11-18 | ||
# DMARC Test | # DMARC Test | ||
- | # | + | # |
- | opendkim_milter | + | opendkim_milter |
- | # | + | # |
- | amavisd_milter | + | amavisd_milter |
... | ... | ||
</ | </ | ||
Zeile 901: | Zeile 897: | ||
# DKIM-Signaturen erstellen | # DKIM-Signaturen erstellen | ||
- | $enable_dkim_signing = 1; | + | $enable_dkim_signing = 0; |
... | ... | ||
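Review bot: `$enable_dkim_signing` flips from 1 to 0 while the comment above it still reads `# DKIM-Signaturen erstellen` (create DKIM signatures), so the comment now contradicts the value. Reword the comment to say that signing is switched off in amavisd and name the component that signs instead; with `Mode v` in the opendkim.conf hunk at line 754, nothing shown on this page is configured to sign outgoing mail.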
Zeile 974: | Zeile 970: | ||
Die Rückmeldung **enabled** zeigt an, dass der Dienst automatisch startet; ein **disabled** zeigt entsprechend an, dass der Dienst __nicht__ automatisch startet. | Die Rückmeldung **enabled** zeigt an, dass der Dienst automatisch startet; ein **disabled** zeigt entsprechend an, dass der Dienst __nicht__ automatisch startet. | ||
- | Nachdem wir nun unseren opendkim-Milter erfolgreich installiert und konfiguriert haben, können wir auch ... FIXME | + | Nachdem wir nun unseren opendkim-Milter erfolgreich installiert und konfiguriert haben, können wir auch unseren Postfix Mailserver durchstarten, |
+ | ==== Tests und Logging ==== | ||
+ | Wurde die Nachricht unterwegs verändert, | ||
+ | Mar 26 12:52:15 vml000080 opendkim[10943]: | ||
+ | |||
+ | Hingegen wird bei positivem Ergebnis der DKIM-Validierung im maillog vermerkt. | ||
+ | Mar 26 18:02:48 vml000080 opendkim[7535]: | ||
+ | Mar 26 18:02:48 vml000080 opendkim[7535]: | ||
+ | |||
+ | Im Mailheader einer angenommenen eMail finden sich dann entsprechend auch Hinweise zur DKIM-Signaturüberprüfung. | ||
+ | Authentication-Results: | ||
+ | header.d=piratenpartei-bayern.de header.i=@piratenpartei-bayern.de | ||
+ | header.b=WFipEQPn; | ||
+ | |||
+ | Bei negativem Ergebnis wird entsprechend vermerkt. | ||
+ | Authentication-Results: | ||
+ | reason=" | ||
+ | header.d=kitterman.com header.i=@kitterman.com header.b=g01pGD3l; | ||
+ | dkim-adsp=none | ||
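Review bot: the sample `Authentication-Results` headers in the added "Tests und Logging" section quote real third-party domains (`header.d=piratenpartei-bayern.de`, `header.d=kitterman.com`); substituting the page's own example domain or an anonymized one would avoid tying a pass/fail result to someone else's mail. The new heading also sits beside the existing `===== Tests =====` heading from the hunk at line 350, so a more specific title on one of the two would make clear which checks belong where.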
Zeile 987: | Zeile 1001: | ||
~~DISCUSSION~~ | ~~DISCUSSION~~ | ||
+ | ~~AUTOTWEET: | ||