

Last modified 2024-01-16 (Tue) 11:24:55


OpenDKIM

[Reference URLs] https://wp.kncn.net/277

https://qiita.com/Chun3/items/4c15ee889b052df67bbd

portinstall mail/opendkim

unbound-1.16.1 is also installed as a dependency. Partway through the download it prompted for Login: and PW:, and leaving both blank was accepted.

In order to run this port, write your opendkim.conf and:

if you use sendmail, add the milter socket `socketspec' in
/etc/mail/<your_configuration>.mc:

INPUT_MAIL_FILTER(`dkim-filter', `S=_YOUR_SOCKET_SPEC_, F=T, T=R:2m')

or if you use postfix write your milter socket `socketspec' in
/usr/local/etc/postfix/main.cf:

smtpd_milters = _YOUR_SOCKET_SPEC_


And to run the milter from startup, add milteropendkim_enable="YES" in
your /etc/rc.conf.
Extra options can be found in startup script.

Note: milter sockets must be accessible from postfix/smtpd;
  using inet sockets might be preferred.

/etc/rc.conf

milteropendkim_enable="YES"

/usr/local/etc/mail/opendkim.conf

Canonicalization        simple/simple
Domain                  smb.net
KeyFile                 /var/db/dkim/smb.net.private
LogWhy                  yes
Mode                    sv
ReportAddress           "DKIM Error Postmaster" <postmaster@smb.net>
Selector                smb.net
SendReports             yes
Socket                  local:/var/run/milteropendkim/socket
SubDomains              yes
Syslog                  Yes
SyslogSuccess           yes
UMask                   002

/etc/group

 pw group mod mailnull -m postfix

mailnull:*:26:postfix <-- postfix added

Creating the authentication key

# mkdir /var/db/dkim
# chmod 700 /var/db/dkim
# opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net
# chown -R mailnull:mailnull /var/db/dkim

Publish the public key in a DNS TXT record

/usr/local/etc/namedb/smb.net.zone

_domainkey              IN      TXT     "t=y; o=~"
smb.net._domainkey     IN      TXT     "v=DKIM1; k=rsa; p=hogehoge"
_adsp._domainkey        IN      TXT     "dkim=unknown"

For the second line, use the contents of /var/db/dkim/smb.net.txt. Something like this?

_domainkey             IN  TXT     "t=y; o=~"
smb.net._domainkey  IN  TXT     ( "v=DKIM1; k=rsa; "
	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWTSD8w....WwIDAQAB" )  ; ----- DKIM key smb.net for smb.net
_adsp._domainkey       IN  TXT     "dkim=unknown"

Changing the Postfix configuration

/usr/local/etc/postfix/main.cf

# opendkim mail filter
smtpd_milters = unix:/var/run/milteropendkim/socket
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Error during the send test

# mail hogehoge@smb.net
Subject: TEST
TEST
. 
EOT

# collect: Cannot write ./df26U3v8rT004196 (bfcommit, uid=25, gid=25): Permission denied
queueup: cannot create queue file ./qf26U3v8rT004196, euid=25, fd=-1, fp=0x0: Permission denied

This seems to mean that the queue file cannot be written to /var/spool/clientmqueue, so I ran:

chown smmsp:smmsp /var/spool/clientmqueue

opendkim does not start?

To start it, run:

service milter-opendkim start
Starting milteropendkim.

but that produced an error:

Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to bind to port local:/var/run/milteropendkim/socket: Permission denied
Jul 30 16:44:37 g7 opendkim[5034]: OpenDKIM Filter: Unable to create listening socket on conn local:/var/run/milteropendkim/socket
Jul 30 16:44:37 g7 opendkim[5034]: smfi_opensocket() failed

Changed the owner of the /var/run/milteropendkim directory to mailnull:mailnull.

chown -R  mailnull:mailnull  /var/run/milteropendkim

dkim=temperror (no key for signature) header.i=

https://qiita.com/geeorgey/items/450b498d2b98b6b868a8

Two days later it was OK!?

Authentication-Results: mx.google.com;
       dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b=Cmlx06jK;
       dkim=pass header.i=@kuji-clinic.net header.s=kuji-clinic.net header.b="4N/mbxrB";
       spf=pass (google.com: best guess record for domain of root@g7.kuji-clinic.net designates 210.255.122.215 as permitted sender) 

Multiple domains

https://www.nic.ad.jp/ja/materials/iw/2011/proceedings/s03/s03-03.pdf

https://www.web-dev-qa-db-ja.com/ja/postfix/opendkim%E3%81%AB%E8%A4%87%E6%95%B0%E3%81%AE%E3%82%BB%E3%83%AC%E3%82%AF%E3%82%BF%E3%83%BC%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B%EF%BC%9F/960080409/

https://igreks.jp/dev/dkim-multiple-domain-maker-3rdparty/

https://forums.freebsd.org/threads/issues-with-opendkim.72749/

https://blog.balyuzi.uk/dkim-postfix-on-freebsd/

portinstall mail/opendkim

/etc/rc.conf

milteropendkim_enable="YES"

/etc/group

mailnull:*:26:postfix   <-- postfix added

Create the authentication keys.

# mkdir /var/db/dkim
# chmod 700 /var/db/dkim
# opendkim-genkey -D /var/db/dkim -d smb.net -s smb.net
# opendkim-genkey -D /var/db/dkim -d niihama-med.or.jp -s niihama-med.or.jp
# chown -R mailnull:mailnull /var/db/dkim

/usr/local/etc/mail/opendkim.conf

## opendkim.conf -- configuration file for OpenDKIM filter
## Copyright (c) 2010-2015, The Trusted Domain Project.  All rights reserved.

AutoRestart		YES
AutoRestartRate	10/1h
Canonicalization	relaxed/simple
# Domain			smb.net
ExternalIgnoreList	filename
InternalHosts		dataset
# KeyFile			/var/db/dkim/example.private
KeyTable			/usr/local/etc/mail/opendkim.keytable
LogWhy		Yes
# Selector name
SigningTable		refile:/usr/local/etc/mail/opendkim.signingtable
# Socket				inet:port@localhost
Socket				local:/var/run/milteropendkim/socket
Syslog				Yes
SyslogSuccess		Yes
UMask				002
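
The configuration above points at opendkim.keytable and opendkim.signingtable, but the page does not show what goes in them. The following is an added example, not part of the original page: it writes both tables for a list of domains, assuming the page's convention that the selector equals the domain name and that keys are stored as <domain>.private. The function names and the key name form `<selector>._domainkey.<domain>` are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes selector == domain
# name and keys stored as <keydir>/<domain>.private, as on this page.

# One KeyTable line: <key name> <domain>:<selector>:<private key path>
keytable_line() {        # $1 = domain, $2 = key directory
    printf '%s._domainkey.%s %s:%s:%s/%s.private\n' \
        "$1" "$1" "$1" "$1" "$2" "$1"
}

# One SigningTable line for "refile:" lookups: <sender pattern> <key name>
signingtable_line() {    # $1 = domain
    printf '*@%s %s._domainkey.%s\n' "$1" "$1" "$1"
}

# True only if the key file exists and carries no group/other permission
# bits (columns 5-10 of the ls mode string must all be "-").
key_is_private() {       # $1 = path to private key
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write both tables; a domain whose key is missing or readable by
# group/other is skipped and reported on stderr.
build_tables() {         # $1 = key dir, $2 = output dir, rest = domains
    keydir=$1; outdir=$2; shift 2
    : > "$outdir/opendkim.keytable"
    : > "$outdir/opendkim.signingtable"
    for d in "$@"; do
        if ! key_is_private "$keydir/$d.private"; then
            echo "skip $d: key missing or too permissive" >&2
            continue
        fi
        keytable_line "$d" "$keydir" >> "$outdir/opendkim.keytable"
        signingtable_line "$d" >> "$outdir/opendkim.signingtable"
    done
}

# Usage on the host described here (run as root):
#   build_tables /var/db/dkim /usr/local/etc/mail smb.net niihama-med.or.jp
```

Restart milter-opendkim after the tables change so the new entries are loaded.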

warning: connect to Milter service unix:/var/run/clamav/clamav-milter.sock: Permission denied

appeared. The cause was that UMask in the configuration above had been set to 022 (sigh).

DKIM checker site

https://dmarcian.com/dkim-inspector/

