Rspamd DKIM


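dkim/mail.key (privater DKIM-Signaturschlüssel: nur für den Benutzer lesbar halten, unter dem rspamd läuft, und nicht veröffentlichen; ein offengelegter Schlüssel gilt als kompromittiert und ist zusammen mit dem DNS-Eintrag zu ersetzen)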

  • cat dkim/mail.key
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----



dkim/mail.txt

  • cat dkim/mail.txt
; DKIM public-key record for selector "mail" (v=DKIM1, RSA key).
; NOTE(review): the p= value has the length of a 1024-bit RSA key; RFC 8301 says
; signers should use at least 2048 bits, so consider a longer key at the next rotation.
mail._domainkey IN TXT ( "v=DKIM1; k=rsa;" 
	"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ;



local.d/dkim_signing.conf

  • cat local.d/dkim_signing.conf
# /etc/rspamd/local.d/dkim_signing.conf
# Settings for the dkim_signing module: one signing key for the domain it.int.

# Enable DKIM signing
enabled = true;

# Per-domain signing configuration: selector and private-key file for it.int.
# The selector has to match the name of the published TXT record (mail._domainkey).
# NOTE(review): the key file should be readable only by the account rspamd runs as.
domain {
  it.int {
    selector = "mail";
    path = "/etc/rspamd/dkim/mail.key";
  }
}

# Take the signing domain from the From: header.
use_domain = "header";
# Sign even when the authenticated username does not match the signing domain.
# NOTE(review): with this relaxation any authenticated account can obtain a valid
# signature for a From: address that is not its own; confirm that this is intended.
allow_username_mismatch = true;
# Sign outbound mail only: authenticated senders and local addresses, never inbound mail
sign_authenticated = true;
sign_local = true;
sign_inbound = false;

# Default settings
# use_esld: reduce the domain to its effective second-level domain for the key lookup.
use_esld = true;
# check_pubkey: compare the private key with the public key published in DNS.
# NOTE(review): whether a mismatch stops signing depends on allow_pubkey_mismatch,
# which is not set in this file.
check_pubkey = true;



local.d/logging.inc

  • cat local.d/logging.inc
# Debug-level logging; debug_modules names dkim_signing as the module to debug.
# NOTE(review): debug output is verbose and may contain message details; presumably a
# troubleshooting setting, so return to a quieter level once DKIM signing works.
level = "debug";
debug_modules = ["dkim_signing"];



local.d/redis.conf

  • cat local.d/redis.conf
# Redis server used by rspamd: a local instance on the loopback address, port 6379.
# No password is configured in this file, so access control rests on Redis being
# reachable from this host only. NOTE(review): confirm the Redis bind address.
servers = "127.0.0.1:6379";



override.d/antivirus.conf

  • cat override.d/antivirus.conf
# Enable the antivirus module
enabled = true;

# NOTE(review): min_size, scan_unauthenticated, stream and score do not look like
# documented antivirus-module options; confirm that the installed rspamd version
# reads them, because a key the module ignores has no effect on scanning or scoring.
clamav {
    # Use ClamAV as the virus scanner
    type = "clamav";
    
    # Symbol that is set when a virus is found
    symbol = "CLAM_VIRUS";
    
    # Connect to the ClamAV daemon through its Unix socket
    servers = "/var/run/clamav/clamd.ctl";
    
    # Scan text MIME parts as well (not only attachments)
    scan_text_mime = true;
    
    # Scan every MIME part individually
    scan_mime_parts = true;
    
    # Scan very small files too (no minimum size)
    min_size = 0;
    
    # Scan mail from unauthenticated senders as well
    scan_unauthenticated = true;
    
    # Streaming mode: the mail is scanned while it is being received
    stream = true;
    
    # Score of 20 on a hit, meant to be enough for reject on its own (threshold 15)
    # NOTE(review): the reject threshold is configured elsewhere and not shown here;
    # verify that a CLAM_VIRUS hit really leads to a reject.
    score = 20.0;
}



override.d/worker-controller.inc

  • cat override.d/worker-controller.inc
# Controller worker (web interface / HTTP API).
# password holds a password hash, not the clear text. NOTE(review): a hash that has
# been published should be treated as exposed; set a new password and store a fresh
# hash (rspamadm pw) instead of reusing this value.
password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb";
# "*" makes the controller listen on every interface, so port 11334 is reachable from
# any network that can route to this host. NOTE(review): bind to localhost or limit
# access with a firewall or a TLS reverse proxy unless remote access is intended.
bind_socket = "*:11334";



root@dnsgw:/etc/rspamd# root@dnsgw:/etc/rspamd# root@dnsgw:/etc/rspamd# vi +4 /usr/local/bin/make-wiki.sh root@dnsgw:/etc/rspamd# make-wiki.sh dat.list

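dkim/mail.key (privater DKIM-Signaturschlüssel: nur für den Benutzer lesbar halten, unter dem rspamd läuft, und nicht veröffentlichen; ein offengelegter Schlüssel gilt als kompromittiert und ist zusammen mit dem DNS-Eintrag zu ersetzen)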

  • cat dkim/mail.key
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD
LedhtSxwVDYut+bFuxwXauzi6Dy6tyPUwqTaTDw5rtk6BzCrAbntRMLBJ+2dsp54
RUu06Xq8CWImL2vzk+W8lTBzBts5YuPWIgSoaSBe4KdwSek4opXUj+lGuyaQqM7N
seKXsAVmYfndCjT8BOYNctrPpcYzAgMBAAECgYBwJ9N/suMrkLDzfyv2pk2kHHUt
cQoXmB+cKAwQVbdMMQsZiw2mCiVnChkOP5e3fZGn560dU/S6Sn9+vd5Acowp4iy7
RGMV9vpAkEdjLJfns1ApKnup1OPX0TeXXOZCSFvt4vVgbxJq7B1k+J0fndIvad2m
3KlQaKxOVYUDinFhYQJBAOetbVo8FSoj/vqe1xT6WynIFPp3626nLRHg68PxoyN1
tnHeCUp/iMD2eiwF5OZXXb4v3KdEz5G6MFx6QoWVK9cCQQDbiZ22O/OZlEY7Rzrd
mTdwAq7JsfwalHEXzf2Snr/StBhUB70GJlhuWTm2xrMF5GVdwqy8UNyO4MpTss9D
Tg0FAkAMvYjJ8YvoaVpYRevmB26D+bDNpVKZHzBnT0sn1131UT/bOy6fnivTELrf
OOPBlwRctR0ZRbt0dBy8uSx3VCC5AkEAvI7xT5EkhFdPDyD51VUAwYr8Vy4w6x9u
F1UMoz8IYM/gSWQwHTUYJQcrw+nb34aw7ZwEQuZs2acHAGaHEDbchQJALs9gu/zn
cnMIb4svI9Ki7THA4wxilVb2/zDtpNveoCLKO6q4nFyWY39x8aiIZ7s08IMZkMGd
A73APthLPbsVjw==
-----END PRIVATE KEY-----


dkim/mail.txt

  • cat dkim/mail.txt
; DKIM public-key record for selector "mail" (v=DKIM1, RSA key).
; NOTE(review): the p= value has the length of a 1024-bit RSA key; RFC 8301 says
; signers should use at least 2048 bits, so consider a longer key at the next rotation.
mail._domainkey IN TXT ( "v=DKIM1; k=rsa;" 
	"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ;


local.d/dkim_signing.conf

  • cat local.d/dkim_signing.conf
# /etc/rspamd/local.d/dkim_signing.conf
# Settings for the dkim_signing module: one signing key for the domain it.int.

# Enable DKIM signing
enabled = true;

# Per-domain signing configuration: selector and private-key file for it.int.
# The selector has to match the name of the published TXT record (mail._domainkey).
# NOTE(review): the key file should be readable only by the account rspamd runs as.
domain {
  it.int {
    selector = "mail";
    path = "/etc/rspamd/dkim/mail.key";
  }
}

# Take the signing domain from the From: header.
use_domain = "header";
# Sign even when the authenticated username does not match the signing domain.
# NOTE(review): with this relaxation any authenticated account can obtain a valid
# signature for a From: address that is not its own; confirm that this is intended.
allow_username_mismatch = true;
# Sign outbound mail only: authenticated senders and local addresses, never inbound mail
sign_authenticated = true;
sign_local = true;
sign_inbound = false;

# Default settings
# use_esld: reduce the domain to its effective second-level domain for the key lookup.
use_esld = true;
# check_pubkey: compare the private key with the public key published in DNS.
# NOTE(review): whether a mismatch stops signing depends on allow_pubkey_mismatch,
# which is not set in this file.
check_pubkey = true;


local.d/logging.inc

  • cat local.d/logging.inc
# Debug-level logging; debug_modules names dkim_signing as the module to debug.
# NOTE(review): debug output is verbose and may contain message details; presumably a
# troubleshooting setting, so return to a quieter level once DKIM signing works.
level = "debug";
debug_modules = ["dkim_signing"];


local.d/redis.conf

  • cat local.d/redis.conf
# Redis server used by rspamd: a local instance on the loopback address, port 6379.
# No password is configured in this file, so access control rests on Redis being
# reachable from this host only. NOTE(review): confirm the Redis bind address.
servers = "127.0.0.1:6379";


override.d/antivirus.conf

  • cat override.d/antivirus.conf
# Enable the antivirus module
enabled = true;

# NOTE(review): min_size, scan_unauthenticated, stream and score do not look like
# documented antivirus-module options; confirm that the installed rspamd version
# reads them, because a key the module ignores has no effect on scanning or scoring.
clamav {
    # Use ClamAV as the virus scanner
    type = "clamav";
    
    # Symbol that is set when a virus is found
    symbol = "CLAM_VIRUS";
    
    # Connect to the ClamAV daemon through its Unix socket
    servers = "/var/run/clamav/clamd.ctl";
    
    # Scan text MIME parts as well (not only attachments)
    scan_text_mime = true;
    
    # Scan every MIME part individually
    scan_mime_parts = true;
    
    # Scan very small files too (no minimum size)
    min_size = 0;
    
    # Scan mail from unauthenticated senders as well
    scan_unauthenticated = true;
    
    # Streaming mode: the mail is scanned while it is being received
    stream = true;
    
    # Score of 20 on a hit, meant to be enough for reject on its own (threshold 15)
    # NOTE(review): the reject threshold is configured elsewhere and not shown here;
    # verify that a CLAM_VIRUS hit really leads to a reject.
    score = 20.0;
}


override.d/worker-controller.inc

  • cat override.d/worker-controller.inc
# Controller worker (web interface / HTTP API).
# password holds a password hash, not the clear text. NOTE(review): a hash that has
# been published should be treated as exposed; set a new password and store a fresh
# hash (rspamadm pw) instead of reusing this value.
password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb";
# "*" makes the controller listen on every interface, so port 11334 is reachable from
# any network that can route to this host. NOTE(review): bind to localhost or limit
# access with a firewall or a TLS reverse proxy unless remote access is intended.
bind_socket = "*:11334";