OX DKIM

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen

Install DKIM

  1. helpful links:
  2. https://help.univention.com/t/dkim-txt-dns-recort-problem/11190/5
  3. https://www.cubewerk.de/2017/12/04/spf-und-dkim-mit-univention-ucs-server/
  4. https://kofler.info/dkim-konfiguration-fuer-postfix/
  • univention-install -yy opendkim opendkim-tools

Konfig

  • mkdir -p /etc/opendkim/keys
  • DOMAIN=xxx.de
  • KEY=xxx
  • cat<<HERE > /etc/opendkim/trusted
127.0.0.1
:1
localhost
$DOMAIN
HERE
  • echo "*@$DOMAIN $KEY" > /etc/opendkim/signing.table
  • echo "$KEY $DOMAIN:202008:/etc/opendkim/keys/$KEY.private" > /etc/opendkim/key.table

Erzeugung der Schlüssel

  • cd /etc/opendkim
  • opendkim-genkey -d $DOMAIN -b 4096 -r -s 202008
  • mv *.private keys/$KEY.private
  • mv *.txt keys/$KEY.txt

set the base config

  • cat<<HERE> /etc/opendkim.conf
InternalHosts           refile:/etc/opendkim/trusted
ExternalIgnoreList      refile:/etc/opendkim/trusted
SigningTable            refile:/etc/opendkim/signing.table
KeyTable                refile:/etc/opendkim/key.table
SignatureAlgorithm      rsa-sha256
AutoRestart             yes
AutoRestartRate         10/1h
Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes
UMask                   002
Canonicalization        relaxed/simple
Mode                    sv
Socket                  inet:12345@localhost
PidFile                 /var/run/opendkim/opendkim.pid
OversignHeaders         From
UserID                  opendkim:opendkim
HERE

Set the overriding config

  • echo "RUNDIR=/var/run/opendkim" > /etc/default/opendkim

Fix permissions and ownership

  • chown -R opendkim:opendkim /etc/opendkim
  • chmod -R go-rwx /etc/opendkim/keys

Edit

master=

  • vi /etc/univention/templates/files/etc/postfix/master.cf.d/30_antivir
## and add below "127.0.0.1:10025 inet n......."

-o smtpd_milters=

main

  • vi/etc/univention/templates/files/etc/postfix/main.cf.d/10_general
## and add below basic path definitions

#opendkim definitions
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345

Registry

  • univention-config-registry commit /etc/postfix/master.cf
  • univention-config-registry commit /etc/postfix/main.cf
  • service postfix restart


Der TXT Record muss in die Zonendatei

  • cat /etc/opendkim/keys/yourdomaincom.txt


#Now: go to the UCS management Portal: Domain->DNS->yourdomain.com and create a TXT record in zone yourdomain.com:
#TXT: name=202008._domainkey value=//the_verifiered_key_copied_from_https://dkimcore.org/c/keycheck//

Test TXT Record

  • host -t TXT 202008._domainkey.$DOMAIN

TEST

  • opendkim-testkey -d $DOMAIN -s 202008 -vvv
###   output should look like this:
#  opendkim-testkey: using default configfile /etc/opendkim.conf
#  opendkim-testkey: checking key '202008._domainkey.yourdomain.com'
#  opendkim-testkey: key not secure
#  opendkim-testkey: key OK
###   do NOT worry about key not secure, this is OK if you do not use DNSSEC
########### MANUAL TASK ABOVE ########################
######################################################


check final config

Dkim.1.png

Abgerufen von „http://wiki.ixheim.de/index.php?title=OX_DKIM&oldid=30493