#author("2024-01-16T11:21:48+09:00","default:kuji","kuji")
#author("2024-01-16T11:24:55+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*OpenDKIM [#j8f63f5c]
[Reference URLs] https://wp.kncn.net/277

https://qiita.com/Chun3/items/4c15ee889b052df67bbd

 portinstall mail/opendkim
unbound-1.16.1 was also installed as a dependency; partway through the download it prompted for Login: and PW:, and leaving both blank was OK.

 In order to run this port, write your opendkim.conf and:
 
 if you use sendmail, add the milter socket `socketspec' in
 /etc/mail/<your_configuration>.mc:
 
 INPUT_MAIL_FILTER(`dkim-filter', `S=_YOUR_SOCKET_SPEC_, F=T, T=R:2m')
 
 or if you use postfix write your milter socket `socketspec' in
 /usr/local/etc/postfix/main.cf:
 
 smtpd_milters = _YOUR_SOCKET_SPEC_
 
 
 And to run the milter from startup, add milteropendkim_enable="YES" in
 your /etc/rc.conf.
 Extra options can be found in startup script.
 
 Note: milter sockets must be accessible from postfix/smtpd;
   using inet sockets might be preferred.




/etc/rc.conf
 milteropendkim_enable="YES"
/usr/local/etc/mail/opendkim.conf
 Canonicalization        simple/simple
 Domain                  smb.net
 KeyFile                 /var/db/dkim/smb.net.private
 LogWhy                  yes
 Mode                    sv
 ReportAddress           "DKIM Error Postmaster" <postmaster@smb.net>
 Selector                smb.net
 SendReports             yes
 Socket                  local:/var/run/milteropendkim/socket
 SubDomains              yes
 Syslog                  Yes
 SyslogSuccess           yes
 UMask                   002

/etc/group
  pw group mod mailnull -m postfix
 mailnull:*:26:postfix   <-- postfix added
**Creating the signing key [#f748ccfc]
 # mkdir /var/db/dkim
 # chmod 700 /var/db/dkim
 # opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net
 # chown -R mailnull:mailnull /var/db/dkim

**Publishing the public key as a DNS TXT record [#ed5888cd]
/usr/local/etc/namedb/smb.net.zone

 _domainkey              IN      TXT     "t=y; o=~"
 smb.net._domainkey     IN      TXT     "v=DKIM1; k=rsa; p=hogehoge"
 _adsp._domainkey        IN      TXT     "dkim=unknown"

The second line is set to the contents of /var/db/dkim/smb.net.txt. Something like this?
 _domainkey             IN  TXT     "t=y; o=~"
 smb.net._domainkey  IN  TXT   ( "v=DKIM1; k=rsa; "
 	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWTSD8w....WwIDAQAB" )  ; ----- DKIM key smb.net for smb.net
 _adsp._domainkey       IN  TXT     "dkim=unknown"
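
A check for the record pasted from smb.net.txt, as an added example that is not part of the original page: it joins the quoted strings of one zone-file TXT record, verifies the parentheses and the 255-byte string limit, and reads the RSA key size out of p=. The function names are hypothetical, and SAMPLE is a constructed record with the opening parenthesis left out and the key elided.

```python
import base64, re, sys
# Constructed sample: opening "(" left out and the key elided with "....".
SAMPLE = '''smb.net._domainkey  IN  TXT  "v=DKIM1; k=rsa; "
      "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWTSD8w....WwIDAQAB" )  ; DKIM key'''

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(der):
    """Modulus size of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    _, spki, _ = read_tlv(der, 0)             # outer SEQUENCE
    _, _, after_alg = read_tlv(spki, 0)       # AlgorithmIdentifier
    _, bitstr, _ = read_tlv(spki, after_alg)  # BIT STRING holding the key
    _, rsakey, _ = read_tlv(bitstr, 1)        # skip the unused-bits byte
    _, modulus, _ = read_tlv(rsakey, 0)       # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(zone_text):
    """Flatten ONE zone-file TXT record; return (tags, problems)."""
    problems = []
    outside = re.sub(r";.*", "", re.sub(r'"[^"]*"', "", zone_text))
    if outside.count("(") != outside.count(")"):
        problems.append("unbalanced parentheses around multi-line TXT data")
    chunks = re.findall(r'"([^"]*)"', zone_text)
    if any(len(c.encode()) > 255 for c in chunks):
        problems.append("a quoted string exceeds the 255-byte TXT limit")
    tags = {k.strip(): "".join(v.split())
            for k, _, v in (part.partition("=") for part in "".join(chunks).split(";"))
            if k.strip()}
    if tags.get("v") != "DKIM1":
        problems.append("v= is not DKIM1")
    if not tags.get("p"):
        problems.append("p= is empty or missing, so no usable key is published")
    elif tags.get("k", "rsa") == "rsa":
        try:
            tags["bits"] = rsa_bits(base64.b64decode(tags["p"], validate=True))
            if tags["bits"] < 2048:
                problems.append(f"{tags['bits']}-bit RSA key; RFC 8301 recommends >= 2048")
        except (ValueError, IndexError):
            problems.append("p= is not a valid base64 RSA public key")
    return tags, problems

if __name__ == "__main__":
    print(check_dkim_record(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE))
```

Run it with the path to the generated .txt file as its argument; without an argument it checks SAMPLE.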

**Postfix configuration changes [#m5443313]
/usr/local/etc/postfix/main.cf
 # opendkim mail filter
 smtpd_milters = unix:/var/run/milteropendkim/socket
 non_smtpd_milters = $smtpd_milters
 milter_default_action = accept

** Error during the send test [#i13efcd9]

 # mail hogehoge@smb.net
 Subject: TEST
 TEST
 . 
 EOT
 
 # collect: Cannot write ./df26U3v8rT004196 (bfcommit, uid=25, gid=25): Permission denied
 queueup: cannot create queue file ./qf26U3v8rT004196, euid=25, fd=-1, fp=0x0: Permission denied


This seems to mean that the queue file cannot be written to /var/spool/clientmqueue, so I ran

 chown smmsp:smmsp /var/spool/clientmqueue

** opendkim does not start? [#z84ca761]
[Startup] is done with
 service milter-opendkim start
 Starting milteropendkim.
but an error appeared.

 Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to bind to port local:/var/run/milteropendkim/socket: Permission denied
 Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to create listening socket on conn local:/var/run/milteropendkim/socket
 Jul 30 16:44:37 g7 opendkim[5034]: smfi_opensocket() failed

I set the /var/run/milteropendkim directory to mailnull:mailnull.

 chown -R  mailnull:mailnull  /var/run/milteropendkim

**dkim=temperror (no key for signature) header.i= [#h165be97]
https://qiita.com/geeorgey/items/450b498d2b98b6b868a8

**Two days later it was OK!? [#rb7c88b0]

 Authentication-Results: mx.google.com;
        dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b=Cmlx06jK;
        dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b="4N/mbxrB";
        spf=pass (google.com: best guess record for domain of root@g7.kuji-clinic.net designates 210.255.122.215 as permitted sender) 


*Multiple domains [#l6d395c7]
https://www.nic.ad.jp/ja/materials/iw/2011/proceedings/s03/s03-03.pdf

https://www.web-dev-qa-db-ja.com/ja/postfix/opendkim%E3%81%AB%E8%A4%87%E6%95%B0%E3%81%AE%E3%82%BB%E3%83%AC%E3%82%AF%E3%82%BF%E3%83%BC%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B%EF%BC%9F/960080409/

https://igreks.jp/dev/dkim-multiple-domain-maker-3rdparty/

https://forums.freebsd.org/threads/issues-with-opendkim.72749/

https://blog.balyuzi.uk/dkim-postfix-on-freebsd/

**portinstall mail/opendkim [#h1d11387]
/etc/rc.conf
 milteropendkim_enable="YES"

/etc/group
 mailnull:*:26:postfix   <-- postfix added

Create the signing keys.

 # mkdir /var/db/dkim
 # chmod 700 /var/db/dkim
 # opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net
 # opendkim-genkey -D /var/db/dkim -d niihama-med.or.jp -s niihama-med.or.jp
 # chown -R mailnull:mailnull /var/db/dkim

/usr/local/etc/mail/opendkim.conf

 ## opendkim.conf -- configuration file for OpenDKIM filter
 ## Copyright (c) 2010-2015, The Trusted Domain Project.  All rights reserved.
 
 AutoRestart		YES
 AutoRestartRate	10/1h
 Canonicalization	relaxed/simple
 # Domain			smb.net
 ExternalIgnoreList	filename
 InternalHosts		dataset
 # KeyFile			/var/db/dkim/example.private
 KeyTable			/usr/local/etc/mail/opendkim.keytable
 LogWhy		Yes
 # Selector name
 SigningTable		refile:/usr/local/etc/mail/opendkim.signingtable
 # Socket				inet:port@localhost
 Socket				local:/var/run/milteropendkim/socket
 Syslog				Yes
 SyslogSuccess		Yes
 UMask				002
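
The configuration above points at opendkim.keytable and opendkim.signingtable without showing them. This added example (not from the original page) writes both tables for the two domains and cross-checks them against the key files; the key names of the form selector._domainkey.domain and the function names are assumptions.

```python
import os
import stat

KEYDIR = "/var/db/dkim"                     # key directory used on this page
DOMAINS = ["smb.net", "niihama-med.or.jp"]  # selector = domain name, as on this page

def build_tables(domains, keydir=KEYDIR):
    """Return (keytable, signingtable) text for one key per domain."""
    keytable, signingtable = [], []
    for d in domains:
        name = f"{d}._domainkey.{d}"          # assumed key name: selector._domainkey.domain
        keytable.append(f"{name} {d}:{d}:{keydir}/{d}.private")  # domain:selector:keyfile
        signingtable.append(f"*@{d} {name}")  # refile: wildcard on the sender address
    return "\n".join(keytable) + "\n", "\n".join(signingtable) + "\n"

def parse(text):
    """Map first field to the rest of the line, skipping blanks and # comments."""
    rows = (line.split(None, 1) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#"))
    return {r[0]: r[1].strip() for r in rows if len(r) == 2}

def audit(keytable, signingtable):
    """Cross-check the two tables and the key files; return a list of problems."""
    keys, problems = parse(keytable), []
    for pattern, name in parse(signingtable).items():
        if name not in keys:
            problems.append(f"{pattern}: key name {name} is not in the KeyTable")
            continue
        domain, selector, path = keys[name].split(":", 2)
        host = pattern.rsplit("@", 1)[-1]
        if host != domain and not host.endswith("." + domain):
            problems.append(f"{pattern}: signed with d={domain}, a third-party signature")
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError:
            problems.append(f"{name}: cannot stat {path}")
            continue
        if mode & 0o077:
            problems.append(f"{name}: {path} is mode {mode:o}, accessible beyond its owner")
    return problems

if __name__ == "__main__":
    kt, st = build_tables(DOMAINS)
    print(kt + st, audit(kt, st), sep="\n")
```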

***warning: connect to Milter service unix:/var/run/clamav/clamav-milter.sock: Permission denied [#x8e23f57]
This warning appeared.
The cause was that UMask in the configuration above had been set to 022 (sigh).
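
Why UMask 022 locks postfix out while 002 does not, as an added example that is not part of the original page: the socket file is created with mode 0777 & ~UMask, and a client that is only in the socket's group needs the group write bit to connect. The temporary directory stands in for /var/run/milteropendkim, and the client uid and function names are constructed for the demonstration.

```python
import os
import socket
import stat
import tempfile

def bind_socket(path, umask):
    """Create a listening Unix socket the way a milter does, under the given umask."""
    old = os.umask(umask)
    try:
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(path)   # the socket file gets mode 0777 & ~umask
        s.listen(1)
        return s
    finally:
        os.umask(old)

def allowed(st, uid, gids, want):
    """Classic Unix check: pick owner, group or other bits, then test want (r=4, w=2, x=1)."""
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def diagnose(path, uid, gids):
    """Return why a milter client (uid, gids) cannot connect to path, or None if it can."""
    if not allowed(os.stat(os.path.dirname(path)), uid, gids, 1):
        return "no search permission on the socket directory"
    st = os.stat(path)
    if not allowed(st, uid, gids, 2):
        return f"socket mode {stat.S_IMODE(st.st_mode):o} gives this client no write permission"
    return None

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    os.chmod(d, 0o750)   # stand-in for /var/run/milteropendkim
    owner = os.stat(d).st_uid
    for umask in (0o022, 0o002):
        path = os.path.join(d, f"socket-{umask:03o}")
        s = bind_socket(path, umask)
        # Constructed client: another uid that shares the socket's group (postfix in mailnull).
        print(f"UMask {umask:03o}:", diagnose(path, owner + 1, {os.stat(path).st_gid}))
        s.close()
```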
* DKIM checker site [#e31a1ee7]
https://dmarcian.com/dkim-inspector/

----
Total access &counter(total);:Today &counter(today);:Yesterday &counter(yesterday);
#counter([total|today|yesterday]);
