cetnos 7 + postfix 新增dkim功能
- 安裝
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y opendkim
- 產生private key與dns的TXT Record
opendkim-genkey -d <domain name>
cp default.* /etc/opendkim/keys
chown -R opendkim:opendkim /etc/opendkim
- 修改/etc/opendkim.conf
確認該設定檔案有以下的設定( KeyFile /etc/opendkim/keys/default.private 要mark起來 )
Mode sv
Socket inet:8891@127.0.0.1
Canonicalization relaxed/simple
Domain <domain name>
#KeyFile /etc/opendkim/keys/default.private
KeyTable refile:/etc/opendkim/KeyTable
#ps 若使用測試軟體出現invalid data set, 請改成 KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
- 修改 /etc/opendkim/KeyTable
default._domainkey.<domain name> <domain name>:default:/etc/opendkim/keys/default.private
以 test.com 為例子
default._domainkey.test.com test.com:default:/etc/opendkim/keys/default.private
- 修改 /etc/opendkim/SigningTable
*@<domain name> default._domainkey.<domain name>
以test.com為例子
*@test.com default._domainkey.test.com
- 修改 /etc/opendkim/TrustedHosts
127.0.0.1
<mail host name>
<domain name>
以 test.com 為例子
127.0.0.1
mail.test.com
test.com
- 新增以下設定 /etc/postfix/main.cf
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
-
將/etc/opendkim/key/default.txt的資料更新到dns上
-
啟用service
systemctl start opendkim ; systemctl enable opendkim ; systemctl restart postfix
- 測試
- opendkim-testkey -x /etc/opendkim.conf 若無錯誤訊息代表成功
- 測試網站 https://www.appmaildev.com/