#author("2024-01-16T11:21:48+09:00","default:kuji","kuji") #author("2024-01-16T11:24:55+09:00","default:kuji","kuji") CONTENTS #contents ---- Lastmodified &lastmod; ---- *OpenDKIM [#j8f63f5c] 【参考URL】https://wp.kncn.net/277 https://qiita.com/Chun3/items/4c15ee889b052df67bbd portinstall mail/opendkim unbound-1.16.1 も依存関係でインストールされるが、ダウンロード途中で Login: PW:を求められ、いずれも空白でOKだった。 In order to run this port, write your opendkim.conf and: if you use sendmail, add the milter socket `socketspec' in /etc/mail/<your_configuration>.mc: INPUT_MAIL_FILTER(`dkim-filter', `S=_YOUR_SOCKET_SPEC_, F=T, T=R:2m') or if you use postfix write your milter socket `socketspec' in /usr/local/etc/postfix/main.cf: smtpd_milters = _YOUR_SOCKET_SPEC_ And to run the milter from startup, add milteropendkim_enable="YES" in your /etc/rc.conf. Extra options can be found in startup script. Note: milter sockets must be accessible from postfix/smtpd; using inet sockets might be preferred. /etc/rc.conf milteropendkim_enable="YES" /usr/local/etc/mail/opendkim.conf Canonicalization simple/simple Domain smb.net KeyFile /var/db/dkim/smb.net.private LogWhy yes Mode sv ReportAddress "DKIM Error Postmaster" <postmaster@smb.net> Selector smb.net SendReports yes Socket local:/var/run/milteropendkim/socket SubDomains yes Syslog Yes SyslogSuccess yes UMask 002 /etc/group pw group mod mailnull -m postfix mailnull:*:26:postfix <-- postfix 追加 **認証鍵の作成 [#f748ccfc] # mkdir /var/db/dkim # chmod 700 /var/db/dkim # opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net # chown -R mailnull:mailnull /var/db/dkim **公開鍵を DNS の TXT レコードに設定 [#ed5888cd] /usr/local/etc/namedb/smb.net.zone _domainkey IN TXT "t=y; o=~" smb.net._domainkey IN TXT "v=DKIM1; k=rsa; p=hogehoge" _adsp._domainkey IN TXT "dkim=unknown" 2行目は /var/db/dkim/smb.net.txt の内容を設定。こんなかんじか? _domainkey IN TXT "t=y; o=~" smb.net._domainkey IN TXT "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWTSD8w....WwIDAQAB" ) ; ----- DKIM key smb.net for smb.net _adsp._domainkey IN TXT "dkim=unknown" **postfixの設定変更 [#m5443313] /usr/local/etc/postfix/main.cf # opendkim mail filter smtpd_milters = unix:/var/run/milteropendkim/socket non_smtpd_milters = $smtpd_milters milter_default_action = accept ** 送信テストでエラー [#i13efcd9] # mail hogehoge@smb.net Subject: TEST TEST . EOT # collect: Cannot write ./df26U3v8rT004196 (bfcommit, uid=25, gid=25): Permission denied queueup: cannot create queue file ./qf26U3v8rT004196, euid=25, fd=-1, fp=0x0: Permission denied これは、var/spool/clientmqueue にキューファイルが書き込めないという事のようなので、 chown smmsp:smmsp /var/spool/clientmqueue した。 ** opendkim起動しない? [#z84ca761] 【起動】は、 service milter-opendkim start Starting milteropendkim. なのだが、エラーがでた。 Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to bind to port local:/var/run/milteropendkim/socket: Permission denied Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to create listening socket on conn local:/var/run/milteropendkim/socket Jul 30 16:44:37 g7 opendkim[5034]: smfi_opensocket() failed /var/run/milteropendkim フォルダを mailnull:mailnull とした。 chown -R mailnull:mailnull /var/run/milteropendkim **dkim=temperror (no key for signature) header.i= [#h165be97] https://qiita.com/geeorgey/items/450b498d2b98b6b868a8 **2日後になったらOKだった!? [#rb7c88b0] Authentication-Results: mx.google.com; dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b=Cmlx06jK; dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b="4N/mbxrB"; spf=pass (google.com: best guess record for domain of root@g7.kuji-clinic.net designates 210.255.122.215 as permitted sender) *複数ドメイン [#l6d395c7] https://www.nic.ad.jp/ja/materials/iw/2011/proceedings/s03/s03-03.pdf https://www.web-dev-qa-db-ja.com/ja/postfix/opendkim%E3%81%AB%E8%A4%87%E6%95%B0%E3%81%AE%E3%82%BB%E3%83%AC%E3%82%AF%E3%82%BF%E3%83%BC%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B%EF%BC%9F/960080409/ https://igreks.jp/dev/dkim-multiple-domain-maker-3rdparty/ https://forums.freebsd.org/threads/issues-with-opendkim.72749/ https://blog.balyuzi.uk/dkim-postfix-on-freebsd/ **portinstall mail/opendkim [#h1d11387] /etc/rc.conf milteropendkim_enable="YES" /etc/group mailnull:*:26:postfix <-- postfix 追加 認証鍵を作成。 # mkdir /var/db/dkim # chmod 700 /var/db/dkim # opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net # opendkim-genkey -D /var/db/dkim -d niihama-med.or.jp -s niihama-med.or.jp # chown -R mailnull:mailnull /var/db/dkim /usr/local/etc/mail/opendkim.conf ## opendkim.conf -- configuration file for OpenDKIM filter ## Copyright (c) 2010-2015, The Trusted Domain Project. All rights reserved. AutoRestart YES AutoRestartRate 10/1h Canonicalization relaxed/simple # Domain smb.net ExternalIgnoreList filename InternalHosts dataset # KeyFile /var/db/dkim/example.private KeyTable /usr/local/etc/mail/opendkim.keytable LogWhy Yes # Selector name SigningTable refile:/usr/local/etc/mail/opendkim.signingtable # Socket inet:port@localhost Socket local:/var/run/milteropendkim/socket Syslog Yes SyslogSuccess Yes UMask 002 ***warning: connect to Milter service unix:/var/run/clamav/clamav-milter.sock: Permission denied [#x8e23f57] が出た。 原因は、上記設定の Umask を022としていたためだった(脱 * DKIM chekker site [#e31a1ee7] https://dmarcian.com/dkim-inspector/ ---- Total access &counter(total);:本日 &counter(today);:昨日 &counter(yesterday); #counter([total|today|yesterday]);