Rspamd DKIM: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „=== dkim/mail.key === *cat dkim/mail.key <pre> -----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD LedhtSxwVDYut+bFuxw…“)
 
 
Zeile 120: Zeile 120:
  
  
 +
 +
 +
=== override.d/worker-controller.inc ===
 +
*cat override.d/worker-controller.inc
 +
<pre>
 +
password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb";
 +
bind_socket = "*:11334";
 +
</pre>
 +
 +
 +
 +
 +
root@dnsgw:/etc/rspamd#
 +
root@dnsgw:/etc/rspamd#
 +
root@dnsgw:/etc/rspamd# vi +4 /usr/local/bin/make-wiki.sh
 +
root@dnsgw:/etc/rspamd# make-wiki.sh dat.list
 +
=== dkim/mail.key ===
 +
*cat dkim/mail.key
 +
<pre>
 +
-----BEGIN PRIVATE KEY-----
 +
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD
 +
LedhtSxwVDYut+bFuxwXauzi6Dy6tyPUwqTaTDw5rtk6BzCrAbntRMLBJ+2dsp54
 +
RUu06Xq8CWImL2vzk+W8lTBzBts5YuPWIgSoaSBe4KdwSek4opXUj+lGuyaQqM7N
 +
seKXsAVmYfndCjT8BOYNctrPpcYzAgMBAAECgYBwJ9N/suMrkLDzfyv2pk2kHHUt
 +
cQoXmB+cKAwQVbdMMQsZiw2mCiVnChkOP5e3fZGn560dU/S6Sn9+vd5Acowp4iy7
 +
RGMV9vpAkEdjLJfns1ApKnup1OPX0TeXXOZCSFvt4vVgbxJq7B1k+J0fndIvad2m
 +
3KlQaKxOVYUDinFhYQJBAOetbVo8FSoj/vqe1xT6WynIFPp3626nLRHg68PxoyN1
 +
tnHeCUp/iMD2eiwF5OZXXb4v3KdEz5G6MFx6QoWVK9cCQQDbiZ22O/OZlEY7Rzrd
 +
mTdwAq7JsfwalHEXzf2Snr/StBhUB70GJlhuWTm2xrMF5GVdwqy8UNyO4MpTss9D
 +
Tg0FAkAMvYjJ8YvoaVpYRevmB26D+bDNpVKZHzBnT0sn1131UT/bOy6fnivTELrf
 +
OOPBlwRctR0ZRbt0dBy8uSx3VCC5AkEAvI7xT5EkhFdPDyD51VUAwYr8Vy4w6x9u
 +
F1UMoz8IYM/gSWQwHTUYJQcrw+nb34aw7ZwEQuZs2acHAGaHEDbchQJALs9gu/zn
 +
cnMIb4svI9Ki7THA4wxilVb2/zDtpNveoCLKO6q4nFyWY39x8aiIZ7s08IMZkMGd
 +
A73APthLPbsVjw==
 +
-----END PRIVATE KEY-----
 +
</pre>
 +
 +
 +
=== dkim/mail.txt ===
 +
*cat dkim/mail.txt
 +
<pre>
 +
mail._domainkey IN TXT ( "v=DKIM1; k=rsa;"
 +
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ;
 +
</pre>
 +
 +
 +
=== local.d/dkim_signing.conf ===
 +
*cat local.d/dkim_signing.conf
 +
<pre>
 +
# /etc/rspamd/local.d/dkim_signing.conf
 +
 +
# Enable DKIM signing
 +
enabled = true;
 +
 +
# Default signing configuration
 +
domain {
 +
  it.int {
 +
    selector = "mail";
 +
    path = "/etc/rspamd/dkim/mail.key";
 +
  }
 +
}
 +
 +
use_domain = "header";
 +
allow_username_mismatch = true;
 +
# Sign outbound mail only
 +
sign_authenticated = true;
 +
sign_local = true;
 +
sign_inbound = false;
 +
 +
# Default settings
 +
use_esld = true;
 +
check_pubkey = true;
 +
</pre>
 +
 +
 +
=== local.d/logging.inc ===
 +
*cat local.d/logging.inc
 +
<pre>
 +
level = "debug";
 +
debug_modules = ["dkim_signing"];
 +
</pre>
 +
 +
 +
=== local.d/redis.conf ===
 +
*cat local.d/redis.conf
 +
<pre>
 +
servers = "127.0.0.1:6379";
 +
</pre>
 +
 +
 +
=== override.d/antivirus.conf ===
 +
*cat override.d/antivirus.conf
 +
<pre>
 +
# Antivirus-Modul aktivieren
 +
enabled = true;
 +
 +
clamav {
 +
    # ClamAV als Virenscanner
 +
    type = "clamav";
 +
   
 +
    # Symbol das gesetzt wird wenn ein Virus gefunden wurde
 +
    symbol = "CLAM_VIRUS";
 +
   
 +
    # Verbindung zum ClamAV-Daemon ueber Unix-Socket
 +
    servers = "/var/run/clamav/clamd.ctl";
 +
   
 +
    # Auch Text-MIME-Parts scannen (nicht nur Anhaenge)
 +
    scan_text_mime = true;
 +
   
 +
    # Alle MIME-Teile einzeln scannen
 +
    scan_mime_parts = true;
 +
   
 +
    # Auch sehr kleine Dateien scannen (kein Mindest-Limit)
 +
    min_size = 0;
 +
   
 +
    # Auch Mails ohne Authentifizierung scannen
 +
    scan_unauthenticated = true;
 +
   
 +
    # Streaming-Modus - Mail wird direkt waehrend Empfang gescannt
 +
    stream = true;
 +
   
 +
    # Score von 20 bei Fund - reicht alleine fuer reject (Schwelle 15)
 +
    score = 20.0;
 +
}
 +
</pre>
  
  

Aktuelle Version vom 9. Juni 2026, 14:45 Uhr

dkim/mail.key

  • cat dkim/mail.key
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD
LedhtSxwVDYut+bFuxwXauzi6Dy6tyPUwqTaTDw5rtk6BzCrAbntRMLBJ+2dsp54
RUu06Xq8CWImL2vzk+W8lTBzBts5YuPWIgSoaSBe4KdwSek4opXUj+lGuyaQqM7N
seKXsAVmYfndCjT8BOYNctrPpcYzAgMBAAECgYBwJ9N/suMrkLDzfyv2pk2kHHUt
cQoXmB+cKAwQVbdMMQsZiw2mCiVnChkOP5e3fZGn560dU/S6Sn9+vd5Acowp4iy7
RGMV9vpAkEdjLJfns1ApKnup1OPX0TeXXOZCSFvt4vVgbxJq7B1k+J0fndIvad2m
3KlQaKxOVYUDinFhYQJBAOetbVo8FSoj/vqe1xT6WynIFPp3626nLRHg68PxoyN1
tnHeCUp/iMD2eiwF5OZXXb4v3KdEz5G6MFx6QoWVK9cCQQDbiZ22O/OZlEY7Rzrd
mTdwAq7JsfwalHEXzf2Snr/StBhUB70GJlhuWTm2xrMF5GVdwqy8UNyO4MpTss9D
Tg0FAkAMvYjJ8YvoaVpYRevmB26D+bDNpVKZHzBnT0sn1131UT/bOy6fnivTELrf
OOPBlwRctR0ZRbt0dBy8uSx3VCC5AkEAvI7xT5EkhFdPDyD51VUAwYr8Vy4w6x9u
F1UMoz8IYM/gSWQwHTUYJQcrw+nb34aw7ZwEQuZs2acHAGaHEDbchQJALs9gu/zn
cnMIb4svI9Ki7THA4wxilVb2/zDtpNveoCLKO6q4nFyWY39x8aiIZ7s08IMZkMGd
A73APthLPbsVjw==
-----END PRIVATE KEY-----



dkim/mail.txt

  • cat dkim/mail.txt
mail._domainkey IN TXT ( "v=DKIM1; k=rsa;" 
	"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ;



local.d/dkim_signing.conf

  • cat local.d/dkim_signing.conf
# /etc/rspamd/local.d/dkim_signing.conf

# Enable DKIM signing
enabled = true;

# Default signing configuration
domain {
  it.int {
    selector = "mail";
    path = "/etc/rspamd/dkim/mail.key";
  }
}

use_domain = "header";
allow_username_mismatch = true;
# Sign outbound mail only
sign_authenticated = true;
sign_local = true;
sign_inbound = false;

# Default settings
use_esld = true;
check_pubkey = true;



local.d/logging.inc

  • cat local.d/logging.inc
level = "debug";
debug_modules = ["dkim_signing"];



local.d/redis.conf

  • cat local.d/redis.conf
servers = "127.0.0.1:6379";



override.d/antivirus.conf

  • cat override.d/antivirus.conf
# Antivirus-Modul aktivieren
enabled = true;

clamav {
    # ClamAV als Virenscanner
    type = "clamav";
    
    # Symbol das gesetzt wird wenn ein Virus gefunden wurde
    symbol = "CLAM_VIRUS";
    
    # Verbindung zum ClamAV-Daemon ueber Unix-Socket
    servers = "/var/run/clamav/clamd.ctl";
    
    # Auch Text-MIME-Parts scannen (nicht nur Anhaenge)
    scan_text_mime = true;
    
    # Alle MIME-Teile einzeln scannen
    scan_mime_parts = true;
    
    # Auch sehr kleine Dateien scannen (kein Mindest-Limit)
    min_size = 0;
    
    # Auch Mails ohne Authentifizierung scannen
    scan_unauthenticated = true;
    
    # Streaming-Modus - Mail wird direkt waehrend Empfang gescannt
    stream = true;
    
    # Score von 20 bei Fund - reicht alleine fuer reject (Schwelle 15)
    score = 20.0;
}



override.d/worker-controller.inc

  • cat override.d/worker-controller.inc
password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb";
bind_socket = "*:11334";



root@dnsgw:/etc/rspamd# root@dnsgw:/etc/rspamd# root@dnsgw:/etc/rspamd# vi +4 /usr/local/bin/make-wiki.sh root@dnsgw:/etc/rspamd# make-wiki.sh dat.list

dkim/mail.key

  • cat dkim/mail.key
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMat5xX+TcQvePUD
LedhtSxwVDYut+bFuxwXauzi6Dy6tyPUwqTaTDw5rtk6BzCrAbntRMLBJ+2dsp54
RUu06Xq8CWImL2vzk+W8lTBzBts5YuPWIgSoaSBe4KdwSek4opXUj+lGuyaQqM7N
seKXsAVmYfndCjT8BOYNctrPpcYzAgMBAAECgYBwJ9N/suMrkLDzfyv2pk2kHHUt
cQoXmB+cKAwQVbdMMQsZiw2mCiVnChkOP5e3fZGn560dU/S6Sn9+vd5Acowp4iy7
RGMV9vpAkEdjLJfns1ApKnup1OPX0TeXXOZCSFvt4vVgbxJq7B1k+J0fndIvad2m
3KlQaKxOVYUDinFhYQJBAOetbVo8FSoj/vqe1xT6WynIFPp3626nLRHg68PxoyN1
tnHeCUp/iMD2eiwF5OZXXb4v3KdEz5G6MFx6QoWVK9cCQQDbiZ22O/OZlEY7Rzrd
mTdwAq7JsfwalHEXzf2Snr/StBhUB70GJlhuWTm2xrMF5GVdwqy8UNyO4MpTss9D
Tg0FAkAMvYjJ8YvoaVpYRevmB26D+bDNpVKZHzBnT0sn1131UT/bOy6fnivTELrf
OOPBlwRctR0ZRbt0dBy8uSx3VCC5AkEAvI7xT5EkhFdPDyD51VUAwYr8Vy4w6x9u
F1UMoz8IYM/gSWQwHTUYJQcrw+nb34aw7ZwEQuZs2acHAGaHEDbchQJALs9gu/zn
cnMIb4svI9Ki7THA4wxilVb2/zDtpNveoCLKO6q4nFyWY39x8aiIZ7s08IMZkMGd
A73APthLPbsVjw==
-----END PRIVATE KEY-----


dkim/mail.txt

  • cat dkim/mail.txt
mail._domainkey IN TXT ( "v=DKIM1; k=rsa;" 
	"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGrecV/k3EL3j1Ay3nYbUscFQ2LrfmxbscF2rs4ug8urcj1MKk2kw8Oa7ZOgcwqwG57UTCwSftnbKeeEVLtOl6vAliJi9r85PlvJUwcwbbOWLj1iIEqGkgXuCncEnpOKKV1I/pRrsmkKjOzbHil7AFZmH53Qo0/ATmDXLaz6XGMwIDAQAB" ) ;


local.d/dkim_signing.conf

  • cat local.d/dkim_signing.conf
# /etc/rspamd/local.d/dkim_signing.conf

# Enable DKIM signing
enabled = true;

# Default signing configuration
domain {
  it.int {
    selector = "mail";
    path = "/etc/rspamd/dkim/mail.key";
  }
}

use_domain = "header";
allow_username_mismatch = true;
# Sign outbound mail only
sign_authenticated = true;
sign_local = true;
sign_inbound = false;

# Default settings
use_esld = true;
check_pubkey = true;


local.d/logging.inc

  • cat local.d/logging.inc
level = "debug";
debug_modules = ["dkim_signing"];


local.d/redis.conf

  • cat local.d/redis.conf
servers = "127.0.0.1:6379";


override.d/antivirus.conf

  • cat override.d/antivirus.conf
# Antivirus-Modul aktivieren
enabled = true;

clamav {
    # ClamAV als Virenscanner
    type = "clamav";
    
    # Symbol das gesetzt wird wenn ein Virus gefunden wurde
    symbol = "CLAM_VIRUS";
    
    # Verbindung zum ClamAV-Daemon ueber Unix-Socket
    servers = "/var/run/clamav/clamd.ctl";
    
    # Auch Text-MIME-Parts scannen (nicht nur Anhaenge)
    scan_text_mime = true;
    
    # Alle MIME-Teile einzeln scannen
    scan_mime_parts = true;
    
    # Auch sehr kleine Dateien scannen (kein Mindest-Limit)
    min_size = 0;
    
    # Auch Mails ohne Authentifizierung scannen
    scan_unauthenticated = true;
    
    # Streaming-Modus - Mail wird direkt waehrend Empfang gescannt
    stream = true;
    
    # Score von 20 bei Fund - reicht alleine fuer reject (Schwelle 15)
    score = 20.0;
}


override.d/worker-controller.inc

  • cat override.d/worker-controller.inc
password = "$2$jm57o86qgm1x5p37ka4g8eq5d9erch7w$um5ez3jyzh93mt5y9fsusbke7cq7pxhuk3radsk94ty7yaiuxnqb";
bind_socket = "*:11334";