Rspamd DKIM: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=== dkim/mail.key === *cat dkim/mail.key <pre> -----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD LedhtSxwVDYut+bFuxw…“) |
|||
| Zeile 120: | Zeile 120: | ||
| + | |||
| + | |||
| + | === override.d/worker-controller.inc === | ||
| + | *cat override.d/worker-controller.inc | ||
| + | <pre> | ||
| + | password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb"; | ||
| + | bind_socket = "*:11334"; | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | root@dnsgw:/etc/rspamd# | ||
| + | root@dnsgw:/etc/rspamd# | ||
| + | root@dnsgw:/etc/rspamd# vi +4 /usr/local/bin/make-wiki.sh | ||
| + | root@dnsgw:/etc/rspamd# make-wiki.sh dat.list | ||
| + | === dkim/mail.key === | ||
| + | *cat dkim/mail.key | ||
| + | <pre> | ||
| + | -----BEGIN PRIVATE KEY----- | ||
| + | MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD | ||
| + | LedhtSxwVDYut+bFuxwXauzi6Dy6tyPUwqTaTDw5rtk6BzCrAbntRMLBJ+2dsp54 | ||
| + | RUu06Xq8CWImL2vzk+W8lTBzBts5YuPWIgSoaSBe4KdwSek4opXUj+lGuyaQqM7N | ||
| + | seKXsAVmYfndCjT8BOYNctrPpcYzAgMBAAECgYBwJ9N/suMrkLDzfyv2pk2kHHUt | ||
| + | cQoXmB+cKAwQVbdMMQsZiw2mCiVnChkOP5e3fZGn560dU/S6Sn9+vd5Acowp4iy7 | ||
| + | RGMV9vpAkEdjLJfns1ApKnup1OPX0TeXXOZCSFvt4vVgbxJq7B1k+J0fndIvad2m | ||
| + | 3KlQaKxOVYUDinFhYQJBAOetbVo8FSoj/vqe1xT6WynIFPp3626nLRHg68PxoyN1 | ||
| + | tnHeCUp/iMD2eiwF5OZXXb4v3KdEz5G6MFx6QoWVK9cCQQDbiZ22O/OZlEY7Rzrd | ||
| + | mTdwAq7JsfwalHEXzf2Snr/StBhUB70GJlhuWTm2xrMF5GVdwqy8UNyO4MpTss9D | ||
| + | Tg0FAkAMvYjJ8YvoaVpYRevmB26D+bDNpVKZHzBnT0sn1131UT/bOy6fnivTELrf | ||
| + | OOPBlwRctR0ZRbt0dBy8uSx3VCC5AkEAvI7xT5EkhFdPDyD51VUAwYr8Vy4w6x9u | ||
| + | F1UMoz8IYM/gSWQwHTUYJQcrw+nb34aw7ZwEQuZs2acHAGaHEDbchQJALs9gu/zn | ||
| + | cnMIb4svI9Ki7THA4wxilVb2/zDtpNveoCLKO6q4nFyWY39x8aiIZ7s08IMZkMGd | ||
| + | A73APthLPbsVjw== | ||
| + | -----END PRIVATE KEY----- | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | === dkim/mail.txt === | ||
| + | *cat dkim/mail.txt | ||
| + | <pre> | ||
| + | mail._domainkey IN TXT ( "v=DKIM1; k=rsa;" | ||
| + | "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ; | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | === local.d/dkim_signing.conf === | ||
| + | *cat local.d/dkim_signing.conf | ||
| + | <pre> | ||
| + | # /etc/rspamd/local.d/dkim_signing.conf | ||
| + | |||
| + | # Enable DKIM signing | ||
| + | enabled = true; | ||
| + | |||
| + | # Default signing configuration | ||
| + | domain { | ||
| + | it.int { | ||
| + | selector = "mail"; | ||
| + | path = "/etc/rspamd/dkim/mail.key"; | ||
| + | } | ||
| + | } | ||
| + | |||
| + | use_domain = "header"; | ||
| + | allow_username_mismatch = true; | ||
| + | # Sign outbound mail only | ||
| + | sign_authenticated = true; | ||
| + | sign_local = true; | ||
| + | sign_inbound = false; | ||
| + | |||
| + | # Default settings | ||
| + | use_esld = true; | ||
| + | check_pubkey = true; | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | === local.d/logging.inc === | ||
| + | *cat local.d/logging.inc | ||
| + | <pre> | ||
| + | level = "debug"; | ||
| + | debug_modules = ["dkim_signing"]; | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | === local.d/redis.conf === | ||
| + | *cat local.d/redis.conf | ||
| + | <pre> | ||
| + | servers = "127.0.0.1:6379"; | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | === override.d/antivirus.conf === | ||
| + | *cat override.d/antivirus.conf | ||
| + | <pre> | ||
| + | # Antivirus-Modul aktivieren | ||
| + | enabled = true; | ||
| + | |||
| + | clamav { | ||
| + | # ClamAV als Virenscanner | ||
| + | type = "clamav"; | ||
| + | |||
| + | # Symbol das gesetzt wird wenn ein Virus gefunden wurde | ||
| + | symbol = "CLAM_VIRUS"; | ||
| + | |||
| + | # Verbindung zum ClamAV-Daemon ueber Unix-Socket | ||
| + | servers = "/var/run/clamav/clamd.ctl"; | ||
| + | |||
| + | # Auch Text-MIME-Parts scannen (nicht nur Anhaenge) | ||
| + | scan_text_mime = true; | ||
| + | |||
| + | # Alle MIME-Teile einzeln scannen | ||
| + | scan_mime_parts = true; | ||
| + | |||
| + | # Auch sehr kleine Dateien scannen (kein Mindest-Limit) | ||
| + | min_size = 0; | ||
| + | |||
| + | # Auch Mails ohne Authentifizierung scannen | ||
| + | scan_unauthenticated = true; | ||
| + | |||
| + | # Streaming-Modus - Mail wird direkt waehrend Empfang gescannt | ||
| + | stream = true; | ||
| + | |||
| + | # Score von 20 bei Fund - reicht alleine fuer reject (Schwelle 15) | ||
| + | score = 20.0; | ||
| + | } | ||
| + | </pre> | ||
Aktuelle Version vom 9. Juni 2026, 14:45 Uhr
dkim/mail.key
- cat dkim/mail.key
-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD LedhtSxwVDYut+bFuxwXauzi6Dy6tyPUwqTaTDw5rtk6BzCrAbntRMLBJ+2dsp54 RUu06Xq8CWImL2vzk+W8lTBzBts5YuPWIgSoaSBe4KdwSek4opXUj+lGuyaQqM7N seKXsAVmYfndCjT8BOYNctrPpcYzAgMBAAECgYBwJ9N/suMrkLDzfyv2pk2kHHUt cQoXmB+cKAwQVbdMMQsZiw2mCiVnChkOP5e3fZGn560dU/S6Sn9+vd5Acowp4iy7 RGMV9vpAkEdjLJfns1ApKnup1OPX0TeXXOZCSFvt4vVgbxJq7B1k+J0fndIvad2m 3KlQaKxOVYUDinFhYQJBAOetbVo8FSoj/vqe1xT6WynIFPp3626nLRHg68PxoyN1 tnHeCUp/iMD2eiwF5OZXXb4v3KdEz5G6MFx6QoWVK9cCQQDbiZ22O/OZlEY7Rzrd mTdwAq7JsfwalHEXzf2Snr/StBhUB70GJlhuWTm2xrMF5GVdwqy8UNyO4MpTss9D Tg0FAkAMvYjJ8YvoaVpYRevmB26D+bDNpVKZHzBnT0sn1131UT/bOy6fnivTELrf OOPBlwRctR0ZRbt0dBy8uSx3VCC5AkEAvI7xT5EkhFdPDyD51VUAwYr8Vy4w6x9u F1UMoz8IYM/gSWQwHTUYJQcrw+nb34aw7ZwEQuZs2acHAGaHEDbchQJALs9gu/zn cnMIb4svI9Ki7THA4wxilVb2/zDtpNveoCLKO6q4nFyWY39x8aiIZ7s08IMZkMGd A73APthLPbsVjw== -----END PRIVATE KEY-----
dkim/mail.txt
- cat dkim/mail.txt
mail._domainkey IN TXT ( "v=DKIM1; k=rsa;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ;
local.d/dkim_signing.conf
- cat local.d/dkim_signing.conf
# /etc/rspamd/local.d/dkim_signing.conf
# Enable DKIM signing
enabled = true;
# Default signing configuration
domain {
it.int {
selector = "mail";
path = "/etc/rspamd/dkim/mail.key";
}
}
use_domain = "header";
allow_username_mismatch = true;
# Sign outbound mail only
sign_authenticated = true;
sign_local = true;
sign_inbound = false;
# Default settings
use_esld = true;
check_pubkey = true;
local.d/logging.inc
- cat local.d/logging.inc
level = "debug"; debug_modules = ["dkim_signing"];
local.d/redis.conf
- cat local.d/redis.conf
servers = "127.0.0.1:6379";
override.d/antivirus.conf
- cat override.d/antivirus.conf
# Antivirus-Modul aktivieren
enabled = true;
clamav {
# ClamAV als Virenscanner
type = "clamav";
# Symbol das gesetzt wird wenn ein Virus gefunden wurde
symbol = "CLAM_VIRUS";
# Verbindung zum ClamAV-Daemon ueber Unix-Socket
servers = "/var/run/clamav/clamd.ctl";
# Auch Text-MIME-Parts scannen (nicht nur Anhaenge)
scan_text_mime = true;
# Alle MIME-Teile einzeln scannen
scan_mime_parts = true;
# Auch sehr kleine Dateien scannen (kein Mindest-Limit)
min_size = 0;
# Auch Mails ohne Authentifizierung scannen
scan_unauthenticated = true;
# Streaming-Modus - Mail wird direkt waehrend Empfang gescannt
stream = true;
# Score von 20 bei Fund - reicht alleine fuer reject (Schwelle 15)
score = 20.0;
}
override.d/worker-controller.inc
- cat override.d/worker-controller.inc
password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb"; bind_socket = "*:11334";
root@dnsgw:/etc/rspamd#
root@dnsgw:/etc/rspamd#
root@dnsgw:/etc/rspamd# vi +4 /usr/local/bin/make-wiki.sh
root@dnsgw:/etc/rspamd# make-wiki.sh dat.list
dkim/mail.key
- cat dkim/mail.key
-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD LedhtSxwVDYut+bFuxwXauzi6Dy6tyPUwqTaTDw5rtk6BzCrAbntRMLBJ+2dsp54 RUu06Xq8CWImL2vzk+W8lTBzBts5YuPWIgSoaSBe4KdwSek4opXUj+lGuyaQqM7N seKXsAVmYfndCjT8BOYNctrPpcYzAgMBAAECgYBwJ9N/suMrkLDzfyv2pk2kHHUt cQoXmB+cKAwQVbdMMQsZiw2mCiVnChkOP5e3fZGn560dU/S6Sn9+vd5Acowp4iy7 RGMV9vpAkEdjLJfns1ApKnup1OPX0TeXXOZCSFvt4vVgbxJq7B1k+J0fndIvad2m 3KlQaKxOVYUDinFhYQJBAOetbVo8FSoj/vqe1xT6WynIFPp3626nLRHg68PxoyN1 tnHeCUp/iMD2eiwF5OZXXb4v3KdEz5G6MFx6QoWVK9cCQQDbiZ22O/OZlEY7Rzrd mTdwAq7JsfwalHEXzf2Snr/StBhUB70GJlhuWTm2xrMF5GVdwqy8UNyO4MpTss9D Tg0FAkAMvYjJ8YvoaVpYRevmB26D+bDNpVKZHzBnT0sn1131UT/bOy6fnivTELrf OOPBlwRctR0ZRbt0dBy8uSx3VCC5AkEAvI7xT5EkhFdPDyD51VUAwYr8Vy4w6x9u F1UMoz8IYM/gSWQwHTUYJQcrw+nb34aw7ZwEQuZs2acHAGaHEDbchQJALs9gu/zn cnMIb4svI9Ki7THA4wxilVb2/zDtpNveoCLKO6q4nFyWY39x8aiIZ7s08IMZkMGd A73APthLPbsVjw== -----END PRIVATE KEY-----
dkim/mail.txt
- cat dkim/mail.txt
mail._domainkey IN TXT ( "v=DKIM1; k=rsa;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ;
local.d/dkim_signing.conf
- cat local.d/dkim_signing.conf
# /etc/rspamd/local.d/dkim_signing.conf
# Enable DKIM signing
enabled = true;
# Default signing configuration
domain {
it.int {
selector = "mail";
path = "/etc/rspamd/dkim/mail.key";
}
}
use_domain = "header";
allow_username_mismatch = true;
# Sign outbound mail only
sign_authenticated = true;
sign_local = true;
sign_inbound = false;
# Default settings
use_esld = true;
check_pubkey = true;
local.d/logging.inc
- cat local.d/logging.inc
level = "debug"; debug_modules = ["dkim_signing"];
local.d/redis.conf
- cat local.d/redis.conf
servers = "127.0.0.1:6379";
override.d/antivirus.conf
- cat override.d/antivirus.conf
# Antivirus-Modul aktivieren
enabled = true;
clamav {
# ClamAV als Virenscanner
type = "clamav";
# Symbol das gesetzt wird wenn ein Virus gefunden wurde
symbol = "CLAM_VIRUS";
# Verbindung zum ClamAV-Daemon ueber Unix-Socket
servers = "/var/run/clamav/clamd.ctl";
# Auch Text-MIME-Parts scannen (nicht nur Anhaenge)
scan_text_mime = true;
# Alle MIME-Teile einzeln scannen
scan_mime_parts = true;
# Auch sehr kleine Dateien scannen (kein Mindest-Limit)
min_size = 0;
# Auch Mails ohne Authentifizierung scannen
scan_unauthenticated = true;
# Streaming-Modus - Mail wird direkt waehrend Empfang gescannt
stream = true;
# Score von 20 bei Fund - reicht alleine fuer reject (Schwelle 15)
score = 20.0;
}
override.d/worker-controller.inc
- cat override.d/worker-controller.inc
password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb"; bind_socket = "*:11334";