Com*_*fox 8 email-server debian postfix dkim opendkim
我正在尝试在运行 Debian 和 Postfix 的邮件服务器上设置 OpenDKIM。这是我做的配置:
密钥表:
mail._domainkey.domain1.com domain1.com:mail:/etc/opendkim/keys/domain1.com/mail.private
mail._domainkey.domain2.com domain2.com:mail:/etc/opendkim/keys/domain2.com/mail.private
签名表:
*.domain1.com mail._domainkey.domain1.com
*.domain2.com mail._domainkey.domain2.com
可信主机:
127.0.0.1
::1
localhost
我的opendkim.conf读物:
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
LogWhy yes
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
最后,我使用 milter 套接字将它连接到 Postfix:
后缀 main.cf:
# Milters
smtpd_milters =
unix:/opendkim/opendkim.sock,
unix:/clamav/clamav-milter.ctl,
unix:/spamass/spamass.sock
non_smtpd_milters = unix:/opendkim/opendkim.sock
在当前状态下,OpenDKIM 确实会正确验证传入邮件的签名,但由于某种原因它不会对传出邮件进行签名。这是在mail.log尝试发送消息时登录的:
Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: %clienthostname% %clientip% not internal
Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: not authenticated
Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: no signature data
我认为这not authenticated部分是不正确的,因为邮件是使用经过身份验证的 SMTP 从客户端提交到 Postfix 的。
问题是由两件事引起的:
相反的是在意见opendkim.conf要求,mode = sv是不是默认。我必须明确设置它。
我在 SigningTable 中犯了一个错误:*.domain1.com应该是*@domain1.com.
纠正这两点后,它现在可以正常工作了。