OX DKIM

From Xinux Wiki
Revision as of 13 December 2021, 10:26 by Thomas.will

Install DKIM

# helpful links:
# https://help.univention.com/t/dkim-txt-dns-recort-problem/11190/5
# https://www.cubewerk.de/2017/12/04/spf-und-dkim-mit-univention-ucs-server/
# https://kofler.info/dkim-konfiguration-fuer-postfix/
  • univention-install -yy opendkim opendkim-tools

Config

  • mkdir /etc/opendkim
  • mkdir /etc/opendkim/keys
  • echo -e '
127.0.0.1
::1
localhost
yourdomain
yourdomain.com

' > /etc/opendkim/trusted

echo "*@yourdomain.com yourdomaincom" > /etc/opendkim/signing.table

echo "yourdomaincom yourdomain.com:202008:/etc/opendkim/keys/yourdomaincom.private" > /etc/opendkim/key.table

cd /etc/opendkim
opendkim-genkey -d yourdomain.com -b 4096 -r -s 202008
mv 202008.private keys/yourdomaincom.private
mv 202008.txt keys/yourdomaincom.txt

# set the base config

echo -e '
InternalHosts refile:/etc/opendkim/trusted
ExternalIgnoreList refile:/etc/opendkim/trusted
SigningTable refile:/etc/opendkim/signing.table
KeyTable refile:/etc/opendkim/key.table
SignatureAlgorithm rsa-sha256
AutoRestart yes
AutoRestartRate 10/1h
Syslog yes
SyslogSuccess yes
LogWhy yes
UMask 002
Canonicalization relaxed/simple
Mode sv
Socket inet:12345@localhost
PidFile /var/run/opendkim/opendkim.pid
OversignHeaders From
UserID opendkim:opendkim
' > /etc/opendkim.conf

# set the overriding config

echo "RUNDIR=/var/run/opendkim" > /etc/default/opendkim

# fix permissions and ownership

chown -R opendkim:opendkim /etc/opendkim
chmod -R go-rwx /etc/opendkim/keys

## nano /etc/univention/templates/files/etc/postfix/master.cf.d/30_antivir
## and add below "127.0.0.1:10025 inet n......."

-o smtpd_milters=

## nano /etc/univention/templates/files/etc/postfix/main.cf.d/10_general
## and add below basic path definitions
# opendkim definitions

milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345


univention-config-registry commit /etc/postfix/master.cf
univention-config-registry commit /etc/postfix/main.cf
service postfix restart


######################## MANUAL TASK BELOW ########################

IMPORTANT!!! DO NOT SKIP THIS STEP!!!

cat /etc/opendkim/keys/yourdomaincom.txt

# The output includes some hidden characters, which mess up the server,
# so extract the string like 'v=DKIM1; h=sha256; k=rsa; s=email; p=MIIC......WEROo24==' (without the quotes) for yourdomain.com
# check it with https://dkimcore.org/c/keycheck
# copy the verified key from that website !!!!! IMPORTANT, DO NOT SKIP!!!!!!
# this step gets rid of the bogus characters
# Now go to the UCS management portal: Domain->DNS->yourdomain.com and create a TXT record in zone yourdomain.com:
# TXT: name=202008._domainkey value=//the_verified_key_copied_from_https://dkimcore.org/c/keycheck//

opendkim-testkey -d yourdomain.com -s 202008 -vvv

### output should look like this:
# opendkim-testkey: using default configfile /etc/opendkim.conf
# opendkim-testkey: checking key '202008._domainkey.yourdomain.com'
# opendkim-testkey: key not secure
# opendkim-testkey: key OK
### do NOT worry about "key not secure", this is OK if you do not use DNSSEC
######################## MANUAL TASK ABOVE ########################
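
The "hidden characters" in yourdomaincom.txt are the zone-file wrapping that opendkim-genkey writes around the value: tabs, line breaks, parentheses, quotes and a trailing comment. The following added example (not part of the original page; the function names and the placeholder p= value are made up) joins the quoted chunks into one string and rejects a value that still contains non-printable bytes.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Join the double-quoted chunks of a BIND-style TXT record read from stdin.
# This drops the tabs, line breaks, parentheses and trailing "; -----" comment
# around the value; it also fits the quoted output of `dig +short TXT`.
join_txt_chunks() {
    grep -o '"[^"]*"' | tr -d '"\n'
}

# Return 0 if the joined value is a plausible DKIM key record, else say why.
check_dkim_value() {
    val=$1
    # Count bytes outside printable ASCII: these are the "hidden characters".
    if [ $(printf '%s' "$val" | LC_ALL=C tr -d ' -~' | wc -c) -ne 0 ]; then
        echo "non-printable byte in value" >&2; return 1
    fi
    case $val in
        v=DKIM1\;*) ;;
        *) echo "value does not start with v=DKIM1;" >&2; return 1 ;;
    esac
    # Isolate the p= tag (the public key) and require non-empty base64.
    p=${val#*p=}; p=${p%%;*}
    case $p in
        ''|*[!A-Za-z0-9+/=]*) echo "p= is empty or not base64" >&2; return 1 ;;
    esac
    return 0
}

# Constructed sample in opendkim-genkey layout (p= is a placeholder, not a key).
sample_genkey_txt() {
    printf '202008._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; s=email; "\n'
    printf '\t  "p=QUJDREVGR0hJSktMTU5PUA"\n'
    printf '\t  "UVJTVFVWV1hZWg==" )  ; ----- DKIM key 202008 for yourdomain.com\n'
}

value=$(sample_genkey_txt | join_txt_chunks)
check_dkim_value "$value" && printf '%s\n' "$value"
```

For the real key, run `join_txt_chunks < /etc/opendkim/keys/yourdomaincom.txt`. The same function normalises the output of `dig +short TXT 202008._domainkey.yourdomain.com`, so the local and published strings can be compared directly.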


# check final config:
# https://www.mail-tester.com/