OX DKIM: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Install DKIM= #helpful links: #https://help.univention.com/t/dkim-txt-dns-recort-problem/11190/5 #https://www.cubewerk.de/2017/12/04/spf-und-dkim-mit-univenti…“) |
|||
| (17 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 6: | Zeile 6: | ||
*univention-install -yy opendkim opendkim-tools | *univention-install -yy opendkim opendkim-tools | ||
=Konfig= | =Konfig= | ||
| − | *mkdir /etc/opendkim | + | *mkdir -p /etc/opendkim/keys |
| − | * | + | *DOMAIN=xxx.de |
| − | + | *KEY=xxx | |
| − | + | *cat<<HERE > /etc/opendkim/trusted | |
127.0.0.1 | 127.0.0.1 | ||
:1 | :1 | ||
localhost | localhost | ||
| − | + | $DOMAIN | |
| − | + | HERE | |
| − | |||
| − | echo "*@ | + | *echo "*@$DOMAIN $KEY" > /etc/opendkim/signing.table |
| + | *echo "$KEY $DOMAIN:202008:/etc/opendkim/keys/$KEY.private" > /etc/opendkim/key.table | ||
| + | =Erzeugung der Schlüssel= | ||
| + | *cd /etc/opendkim | ||
| + | *opendkim-genkey -d $DOMAIN -b 4096 -r -s 202008 | ||
| + | *mv *.private keys/$KEY.private | ||
| + | *mv *.txt keys/$KEY.txt | ||
| − | + | =set the base config= | |
| − | > /etc/opendkim | + | *cat<<HERE> /etc/opendkim.conf |
| − | + | <pre> | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
InternalHosts refile:/etc/opendkim/trusted | InternalHosts refile:/etc/opendkim/trusted | ||
ExternalIgnoreList refile:/etc/opendkim/trusted | ExternalIgnoreList refile:/etc/opendkim/trusted | ||
| Zeile 46: | Zeile 44: | ||
OversignHeaders From | OversignHeaders From | ||
UserID opendkim:opendkim | UserID opendkim:opendkim | ||
| − | + | HERE | |
| − | + | </pre> | |
| − | + | =Set the overriding config= | |
| − | echo "RUNDIR=/var/run/opendkim" > /etc/default/opendkim | + | *echo "RUNDIR=/var/run/opendkim" > /etc/default/opendkim |
| − | + | =Fix permissions and ownership= | |
| − | + | *chown -R opendkim:opendkim /etc/opendkim | |
| − | chown -R opendkim:opendkim /etc/opendkim | + | *chmod -R go-rwx /etc/opendkim/keys |
| − | chmod -R go-rwx /etc/opendkim/keys | + | =Edit= |
| − | + | ==master=== | |
| − | + | *vi /etc/univention/templates/files/etc/postfix/master.cf.d/30_antivir | |
| − | ## and add below "127.0.0.1:10025 inet n......." | + | ## and add below "127.0.0.1:10025 inet n......." |
| − | |||
-o smtpd_milters= | -o smtpd_milters= | ||
| + | ==main== | ||
| + | *vi/etc/univention/templates/files/etc/postfix/main.cf.d/10_general | ||
| + | ## and add below basic path definitions | ||
| − | + | #opendkim definitions | |
| − | + | milter_default_action = accept | |
| − | + | milter_protocol = 6 | |
| − | #opendkim definitions | + | smtpd_milters = inet:localhost:12345 |
| − | milter_default_action = accept | + | non_smtpd_milters = inet:localhost:12345 |
| − | milter_protocol = 6 | + | =Registry= |
| − | smtpd_milters = inet:localhost:12345 | + | *univention-config-registry commit /etc/postfix/master.cf |
| − | non_smtpd_milters = inet:localhost:12345 | + | *univention-config-registry commit /etc/postfix/main.cf |
| − | + | *service postfix restart | |
| − | |||
| − | univention-config-registry commit /etc/postfix/master.cf | ||
| − | univention-config-registry commit /etc/postfix/main.cf | ||
| − | service postfix restart | ||
| − | + | =Der TXT Record muss in die Zonendatei= | |
| − | + | *cat /etc/opendkim/keys/yourdomaincom.txt | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | #Now: go to the UCS management Portal: Domain->DNS->yourdomain.com and create a TXT record in zone yourdomain.com: | + | #Now: go to the UCS management Portal: Domain->DNS->yourdomain.com and create a TXT record in zone yourdomain.com: |
| − | #TXT: name=202008._domainkey value=//the_verifiered_key_copied_from_https://dkimcore.org/c/keycheck// | + | #TXT: name=202008._domainkey value=//the_verifiered_key_copied_from_https://dkimcore.org/c/keycheck// |
| − | opendkim-testkey -d | + | =Test TXT Record= |
| − | ### output should look like this: | + | *host -t TXT 202008._domainkey.$DOMAIN |
| − | # opendkim-testkey: using default configfile /etc/opendkim.conf | + | =TEST= |
| − | # opendkim-testkey: checking key '202008._domainkey.yourdomain.com' | + | *opendkim-testkey -d $DOMAIN -s 202008 -vvv |
| − | # opendkim-testkey: key not secure | + | ### output should look like this: |
| − | # opendkim-testkey: key OK | + | # opendkim-testkey: using default configfile /etc/opendkim.conf |
| − | ### do NOT worry about key not secure, this is OK if you do not use DNSSEC | + | # opendkim-testkey: checking key '202008._domainkey.yourdomain.com' |
| − | ########### MANUAL TASK ABOVE ######################## | + | # opendkim-testkey: key not secure |
| − | ###################################################### | + | # opendkim-testkey: key OK |
| + | ### do NOT worry about key not secure, this is OK if you do not use DNSSEC | ||
| + | ########### MANUAL TASK ABOVE ######################## | ||
| + | ###################################################### | ||
| − | + | =check final config= | |
| − | + | *https://www.mail-tester.com/ | |
| + | [[Datei:Dkim.1.png]] | ||
Aktuelle Version vom 13. Dezember 2021, 11:49 Uhr
Install DKIM
- helpful links:
- https://help.univention.com/t/dkim-txt-dns-recort-problem/11190/5
- https://www.cubewerk.de/2017/12/04/spf-und-dkim-mit-univention-ucs-server/
- https://kofler.info/dkim-konfiguration-fuer-postfix/
- univention-install -yy opendkim opendkim-tools
Konfig
- mkdir -p /etc/opendkim/keys
- DOMAIN=xxx.de
- KEY=xxx
- cat<<HERE > /etc/opendkim/trusted
127.0.0.1 :1 localhost $DOMAIN HERE
- echo "*@$DOMAIN $KEY" > /etc/opendkim/signing.table
- echo "$KEY $DOMAIN:202008:/etc/opendkim/keys/$KEY.private" > /etc/opendkim/key.table
Erzeugung der Schlüssel
- cd /etc/opendkim
- opendkim-genkey -d $DOMAIN -b 4096 -r -s 202008
- mv *.private keys/$KEY.private
- mv *.txt keys/$KEY.txt
set the base config
- cat<<HERE> /etc/opendkim.conf
InternalHosts refile:/etc/opendkim/trusted ExternalIgnoreList refile:/etc/opendkim/trusted SigningTable refile:/etc/opendkim/signing.table KeyTable refile:/etc/opendkim/key.table SignatureAlgorithm rsa-sha256 AutoRestart yes AutoRestartRate 10/1h Syslog yes SyslogSuccess yes LogWhy yes UMask 002 Canonicalization relaxed/simple Mode sv Socket inet:12345@localhost PidFile /var/run/opendkim/opendkim.pid OversignHeaders From UserID opendkim:opendkim HERE
Set the overriding config
- echo "RUNDIR=/var/run/opendkim" > /etc/default/opendkim
Fix permissions and ownership
- chown -R opendkim:opendkim /etc/opendkim
- chmod -R go-rwx /etc/opendkim/keys
Edit
master=
- vi /etc/univention/templates/files/etc/postfix/master.cf.d/30_antivir
## and add below "127.0.0.1:10025 inet n......."
-o smtpd_milters=
main
- vi/etc/univention/templates/files/etc/postfix/main.cf.d/10_general
## and add below basic path definitions
#opendkim definitions milter_default_action = accept milter_protocol = 6 smtpd_milters = inet:localhost:12345 non_smtpd_milters = inet:localhost:12345
Registry
- univention-config-registry commit /etc/postfix/master.cf
- univention-config-registry commit /etc/postfix/main.cf
- service postfix restart
Der TXT Record muss in die Zonendatei
- cat /etc/opendkim/keys/yourdomaincom.txt
#Now: go to the UCS management Portal: Domain->DNS->yourdomain.com and create a TXT record in zone yourdomain.com: #TXT: name=202008._domainkey value=//the_verifiered_key_copied_from_https://dkimcore.org/c/keycheck//
Test TXT Record
- host -t TXT 202008._domainkey.$DOMAIN
TEST
- opendkim-testkey -d $DOMAIN -s 202008 -vvv
### output should look like this: # opendkim-testkey: using default configfile /etc/opendkim.conf # opendkim-testkey: checking key '202008._domainkey.yourdomain.com' # opendkim-testkey: key not secure # opendkim-testkey: key OK ### do NOT worry about key not secure, this is OK if you do not use DNSSEC ########### MANUAL TASK ABOVE ######################## ######################################################
check final config
