CONTENTS


Lastmodified 2024-01-16 (火) 11:24:55


OpenDKIM

【参考URL】https://wp.kncn.net/277

https://qiita.com/Chun3/items/4c15ee889b052df67bbd

portinstall mail/opendkim

unbound-1.16.1 も依存関係でインストールされるが、ダウンロード途中で Login: PW:を求められ、いずれも空白でOKだった。

In order to run this port, write your opendkim.conf and:

if you use sendmail, add the milter socket `socketspec' in
/etc/mail/<your_configuration>.mc:

INPUT_MAIL_FILTER(`dkim-filter', `S=_YOUR_SOCKET_SPEC_, F=T, T=R:2m')

or if you use postfix write your milter socket `socketspec' in
/usr/local/etc/postfix/main.cf:

smtpd_milters = _YOUR_SOCKET_SPEC_


And to run the milter from startup, add milteropendkim_enable="YES" in
your /etc/rc.conf.
Extra options can be found in startup script.

Note: milter sockets must be accessible from postfix/smtpd;
  using inet sockets might be preferred.

/etc/rc.conf

milteropendkim_enable="YES"

/usr/local/etc/mail/opendkim.conf

Canonicalization        simple/simple
Domain                  smb.net
KeyFile                 /var/db/dkim/smb.net.private
LogWhy                  yes
Mode                    sv
ReportAddress           "DKIM Error Postmaster" <postmaster@smb.net>
Selector                smb.net
SendReports             yes
Socket                  local:/var/run/milteropendkim/socket
SubDomains              yes
Syslog                  Yes
SyslogSuccess           yes
UMask                   002

/etc/group

mailnull:*:26:postfix   <-- postfix 追加

認証鍵の作成

# mkdir /var/db/dkim
# chmod 700 /var/db/dkim
# opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net
# chown -R mailnull:mailnull /var/db/dkim

公開鍵を DNS の TXT レコードに設定

/usr/local/etc/namedb/smb.net.zone

_domainkey              IN      TXT     "t=y; o=~"
smb.net._domainkey     IN      TXT     "v=DKIM1; k=rsa; p=hogehoge"
_adsp._domainkey        IN      TXT     "dkim=unknown"

2行目は /var/db/dkim/smb.net.txt の内容を設定。こんなかんじか?

_domainkey             IN  TXT     "t=y; o=~"
smb.net._domainkey  IN  TXT     "v=DKIM1; k=rsa; "
	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWTSD8w....WwIDAQAB" )  ; ----- DKIM key smb.net for smb.net
_adsp._domainkey       IN  TXT     "dkim=unknown"

postfixの設定変更

/usr/local/etc/postfix/main.cf

# mail filter
smtpd_milters = unix:/var/run/milteropendkim/socket
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

送信テストでエラー

# mail hogehoge@smb.net
Subject: TEST
TEST
. 
EOT

# collect: Cannot write ./df26U3v8rT004196 (bfcommit, uid=25, gid=25): Permission denied
queueup: cannot create queue file ./qf26U3v8rT004196, euid=25, fd=-1, fp=0x0: Permission denied

これは、var/spool/clientmqueue にキューファイルが書き込めないという事のようなので、

chown smmsp:smmsp /var/spool/clientmqueue

した。

opendkim起動しない?

Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to bind to port local:/var/run/milteropendkim/socket: Permission denied
Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to create listening socket on conn local:/var/run/milteropendkim/socket
Jul 30 16:44:37 g7 opendkim[5034]: smfi_opensocket() failed

/var/run/milteropendkim フォルダを mailnull:mailnull とした。

dkim=temperror (no key for signature) header.i=

https://qiita.com/geeorgey/items/450b498d2b98b6b868a8

2日後になったらOKだった!?

Authentication-Results: mx.google.com;
       dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b=Cmlx06jK;
       dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b="4N/mbxrB";
       spf=pass (google.com: best guess record for domain of root@g7.kuji-clinic.net designates 210.255.122.215 as permitted sender) 

複数ドメイン

https://www.nic.ad.jp/ja/materials/iw/2011/proceedings/s03/s03-03.pdf

https://www.web-dev-qa-db-ja.com/ja/postfix/opendkim%E3%81%AB%E8%A4%87%E6%95%B0%E3%81%AE%E3%82%BB%E3%83%AC%E3%82%AF%E3%82%BF%E3%83%BC%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B%EF%BC%9F/960080409/

https://igreks.jp/dev/dkim-multiple-domain-maker-3rdparty/


Total access 872:本日 1:昨日 1

Counter: 872, today: 1, yesterday: 1

トップ   新規 一覧 検索 最終更新   ヘルプ   最終更新のRSS