#author("2022-07-30T12:34:51+09:00","default:kuji","kuji")
#author("2024-01-16T11:24:55+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*OpenDKIM [#j8f63f5c]
[Reference URLs] https://wp.kncn.net/277
https://qiita.com/Chun3/items/4c15ee889b052df67bbd
 portinstall mail/opendkim
unbound-1.16.1 is also installed as a dependency; partway through the download it asked for Login: and PW:, and leaving both blank worked.
 In order to run this port, write your opendkim.conf and:
 if you use sendmail, add the milter socket `socketspec' in
 /etc/mail/<your_configuration>.mc:
 INPUT_MAIL_FILTER(`dkim-filter', `S=_YOUR_SOCKET_SPEC_, F=T, T=R:2m')
 or if you use postfix write your milter socket `socketspec' in
 /usr/local/etc/postfix/main.cf:
 smtpd_milters = _YOUR_SOCKET_SPEC_
 And to run the milter from startup, add milteropendkim_enable="YES" in
 your /etc/rc.conf.
 Extra options can be found in startup script.
 Note: milter sockets must be accessible from postfix/smtpd;
 using inet sockets might be preferred.
/etc/rc.conf
 milteropendkim_enable="YES"
/usr/local/etc/mail/opendkim.conf
 Canonicalization simple/simple
 Domain smb.net
 KeyFile /var/db/dkim/smb.net.private
 LogWhy yes
 Mode sv
 ReportAddress "DKIM Error Postmaster" <postmaster@smb.net>
 Selector smb.net
 SendReports yes
 Socket local:/var/run/milteropendkim/socket
 SubDomains yes
 Syslog Yes
 SyslogSuccess yes
 UMask 002
/etc/group
 mailnull:*:26:postfix <-- postfix added
 pw group mod mailnull -m postfix
 mailnull:*:26:postfix <-- postfix added
**Creating the authentication key [#f748ccfc]
 # mkdir /var/db/dkim
 # chmod 700 /var/db/dkim
 # opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net
 # chown -R mailnull:mailnull /var/db/dkim
**Setting the public key in a DNS TXT record [#ed5888cd]
/usr/local/etc/namedb/smb.net.zone
 _domainkey IN TXT "t=y; o=~"
 smb.net._domainkey IN TXT "v=DKIM1; k=rsa; p=hogehoge"
 _adsp._domainkey IN TXT "dkim=unknown"
The second line is set to the contents of /var/db/dkim/smb.net.txt. Something like this?
 _domainkey IN TXT "t=y; o=~"
 smb.net._domainkey IN TXT ( "v=DKIM1; k=rsa; "
     "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWTSD8w....WwIDAQAB" ) ; ----- DKIM key smb.net for smb.net
 _adsp._domainkey IN TXT "dkim=unknown"
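A record copied from smb.net.txt can be checked before the zone is reloaded. The following is an added example, not from the original page, that flags problems which keep a verifier from finding a usable key: unbalanced parentheses, an over-long character-string, a misplaced v= tag, a missing p= tag, and an RSA key under 2048 bits. The sample record and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: lint a zone-file DKIM TXT record.

# Constructed sample: "(" is missing and p= is a short placeholder, not a real key.
SAMPLE_BROKEN='sel._domainkey IN TXT "v=DKIM1; k=rsa; "
  "p=CONSTRUCTEDPLACEHOLDER" ) ; ----- DKIM key sel for example.test'

# txt_strings: print each quoted character-string of the record, one per line.
# Assumes the trailing ";" comment contains no double quotes.
txt_strings() {
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) print $i }'
}

# count_char CHAR: count CHAR on stdin outside quoted strings and comments.
count_char() {
    # $(...) is unquoted on purpose: it drops the padding BSD wc prints.
    echo $(sed 's/"[^"]*"//g; s/;.*//' | tr -cd "$1" | wc -c)
}

# dkim_lint: read a record on stdin and print one line per problem found;
# exit status 0 means nothing was flagged.
dkim_lint() {
    rec=$(cat); bad=0
    # A record spanning several lines must be wrapped in "(" ... ")".
    if [ "$(printf '%s\n' "$rec" | count_char '(')" -ne \
         "$(printf '%s\n' "$rec" | count_char ')')" ]; then
        echo "unbalanced parentheses"; bad=1
    fi
    # One TXT character-string holds at most 255 bytes; longer keys must be split.
    printf '%s\n' "$rec" | txt_strings | awk 'length($0) > 255 { exit 1 }' ||
        { echo "character-string longer than 255 bytes"; bad=1; }
    # The verifier sees all character-strings joined with nothing in between.
    val=$(printf '%s\n' "$rec" | txt_strings | tr -d '\n')
    case $val in v=DKIM1*) ;; *) echo "v=DKIM1 is not the first tag"; bad=1 ;; esac
    p=$(printf '%s\n' "$val" | tr -d ' \t' | tr ';' '\n' | sed -n 's/^p=//p')
    if [ -z "$p" ]; then
        echo "p= is missing or empty"; bad=1
    elif [ "${#p}" -lt 392 ]; then
        # Heuristic for k=rsa: a 2048-bit key encodes to 392 base64 characters.
        echo "RSA key shorter than 2048 bits"; bad=1
    fi
    return "$bad"
}
```

Run it as `dkim_lint < /var/db/dkim/smb.net.txt`; the `MIGf` prefix of the key shown above is that of a 1024-bit RSA key, so it would be flagged. `opendkim-genkey -b 2048` generates the size RFC 8301 recommends for signers.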
**Changing the Postfix configuration [#m5443313]
/usr/local/etc/postfix/main.cf
 # mail filter
 # opendkim mail filter
 smtpd_milters = unix:/var/run/milteropendkim/socket
 non_smtpd_milters = $smtpd_milters
 milter_default_action = accept
** Error during the send test [#i13efcd9]
 # mail hogehoge@smb.net
 Subject: TEST
 TEST
 .
 EOT
 # collect: Cannot write ./df26U3v8rT004196 (bfcommit, uid=25, gid=25): Permission denied
 queueup: cannot create queue file ./qf26U3v8rT004196, euid=25, fd=-1, fp=0x0: Permission denied
This seems to mean that the queue file cannot be written to /var/spool/clientmqueue, so I ran
 chown smmsp:smmsp /var/spool/clientmqueue
** opendkim won't start? [#z84ca761]
To start it:
 service milter-opendkim start
 Starting milteropendkim.
but an error appeared.
 Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to bind to port local:/var/run/milteropendkim/socket: Permission denied
 Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to create listening socket on conn local:/var/run/milteropendkim/socket
 Jul 30 16:44:37 g7 opendkim[5034]: smfi_opensocket() failed
I set the /var/run/milteropendkim directory to mailnull:mailnull.
 chown -R mailnull:mailnull /var/run/milteropendkim
**dkim=temperror (no key for signature) header.i= [#h165be97]
https://qiita.com/geeorgey/items/450b498d2b98b6b868a8
**Two days later it was OK!? [#rb7c88b0]
 Authentication-Results: mx.google.com;
 dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b=Cmlx06jK;
 dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b="4N/mbxrB";
 spf=pass (google.com: best guess record for domain of root@g7.kuji-clinic.net designates 210.255.122.215 as permitted sender)
*Multiple domains [#l6d395c7]
https://www.nic.ad.jp/ja/materials/iw/2011/proceedings/s03/s03-03.pdf
https://www.web-dev-qa-db-ja.com/ja/postfix/opendkim%E3%81%AB%E8%A4%87%E6%95%B0%E3%81%AE%E3%82%BB%E3%83%AC%E3%82%AF%E3%82%BF%E3%83%BC%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B%EF%BC%9F/960080409/
https://igreks.jp/dev/dkim-multiple-domain-maker-3rdparty/
https://forums.freebsd.org/threads/issues-with-opendkim.72749/
https://blog.balyuzi.uk/dkim-postfix-on-freebsd/
**portinstall mail/opendkim [#h1d11387]
/etc/rc.conf
 milteropendkim_enable="YES"
/etc/group
 mailnull:*:26:postfix <-- postfix added
Create the authentication keys.
 # mkdir /var/db/dkim
 # chmod 700 /var/db/dkim
 # opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net
 # opendkim-genkey -D /var/db/dkim -d niihama-med.or.jp -s niihama-med.or.jp
 # chown -R mailnull:mailnull /var/db/dkim
/usr/local/etc/mail/opendkim.conf
 ## opendkim.conf -- configuration file for OpenDKIM filter
 ## Copyright (c) 2010-2015, The Trusted Domain Project. All rights reserved.
 AutoRestart YES
 AutoRestartRate 10/1h
 Canonicalization relaxed/simple
 # Domain smb.net
 ExternalIgnoreList filename
 InternalHosts dataset
 # KeyFile /var/db/dkim/example.private
 KeyTable /usr/local/etc/mail/opendkim.keytable
 LogWhy Yes
 # Selector name
 SigningTable refile:/usr/local/etc/mail/opendkim.signingtable
 # Socket inet:port@localhost
 Socket local:/var/run/milteropendkim/socket
 Syslog Yes
 SyslogSuccess Yes
 UMask 002
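The configuration above points at a KeyTable and a SigningTable whose contents the page does not show. The following is an added example, not from the original page, that writes both files for the two domains keyed above and refuses to do so if a private key is missing or accessible to group or other. It assumes selector = domain and keys at `<keydir>/<domain>.private`, as the opendkim-genkey commands produce; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes the page's layout:
# selector = domain, private key at <keydir>/<domain>.private.

# key_is_private FILE: true only if FILE exists and group/other have no access.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# KeyTable entry: <key name> <signing domain>:<selector>:<private key path>
keytable_line() {    # KEYDIR DOMAIN
    printf '%s %s:%s:%s/%s.private\n' "$2" "$2" "$2" "$1" "$2"
}

# SigningTable entry: <sender pattern> <key name>; the "*" wildcard is why
# opendkim.conf loads this file with the refile: prefix.
signingtable_line() {    # DOMAIN
    printf '*@%s %s\n' "$1" "$1"
}

# build_tables KEYDIR OUTDIR DOMAIN...: write both tables, or nothing at all
# if any key is missing or accessible to group/other.
build_tables() {
    keydir=$1; outdir=$2; shift 2
    kt=$outdir/opendkim.keytable; st=$outdir/opendkim.signingtable
    : > "$kt.new"; : > "$st.new"
    for d in "$@"; do
        if ! key_is_private "$keydir/$d.private"; then
            echo "refusing $d: key missing or accessible to group/other" >&2
            rm -f "$kt.new" "$st.new"
            return 1
        fi
        keytable_line "$keydir" "$d" >> "$kt.new"
        signingtable_line "$d" >> "$st.new"
    done
    mv "$kt.new" "$kt" && mv "$st.new" "$st"
}

# On the page's host this would be:
# build_tables /var/db/dkim /usr/local/etc/mail smb.net niihama-med.or.jp
```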
***warning: connect to Milter service unix:/var/run/clamav/clamav-milter.sock: Permission denied [#x8e23f57]
This warning appeared.
The cause was that UMask in the configuration above had been set to 022 (sigh)
* DKIM checker site [#e31a1ee7]
https://dmarcian.com/dkim-inspector/