Nous avons d'abord tenté d'utiliser [[http://www.opendkim.org/|opendkim]] qui est un logiciel avec moins de dépendances mais qui semble être compatible seulement avec postfix. Nous avons donc choisi d'utiliser [[http://dkimproxy.sourceforge.net/|dkimproxy]]. $ apt-get install dkimproxy Nous avons commencé à modifier les configurations /etc/dkimproxy/dkimproxy_in.conf et /etc/dkimproxy/dkimproxy_out.conf. # specify what address/port DKIMproxy should listen on listen 127.0.0.1:10026 # specify what address/port DKIMproxy forwards mail to relay 127.0.0.1:10024 # specify what address/port DKIMproxy should listen on listen 127.0.0.1:10028 # specify what address/port DKIMproxy forwards mail to relay 127.0.0.1:10029 # specify what domains DKIMproxy can sign for (comma-separated, no spaces) domain anarcha.pink # specify what signatures to add signature dkim(a=rsa-sha256,c=relaxed) signature domainkeys(a=rsa-sha1,c=nofws) # specify location of the private key keyfile /etc/dkimproxy/private.key # specify the selector (i.e. the name of the key record put in DNS) selector mail # control how many processes DKIMproxy uses # - more information on these options (and others) can be found by # running `perldoc Net::Server::PreFork'. #min_servers 5 #min_spare_servers 2 Nous avons généré les clés dkim en utilisant la commande openssl [[https://wiki.openssl.org/index.php/Manual:Openssl(1)|openssl]] : une clé privée, puis une clé publique générée depuis la clé privée, et nous avons du changer les permissions de la clé privée pour que cela fonctionne. $ openssl genrsa -out private.key 2048 $ openssl rsa -in private.key -pubout -out public.key $ chown dkimproxy: private.key Nous avons modifié aussi la configuration par défaut # Default configuration for dkimproxy. # which daemons whould be run; anything other than '1' will disable a daemon # default: 1 RUN_DKIMPROXY_OUT=1 RUN_DKIMPROXY_IN=1 # The following variables specify configuration to be passed as arguments to # the dkimproxy daemons. If a variable is commented out, the default value # within the /etc/init.d/dkimproxy script will be used. If a variable is unset # or set to an empty value, the corresponding argument will be omitted from # the dkimproxy command line, and dkimproxy is free to read a value from its # own configuration file or use its own default value. # configuration file to use for dkimproxy.in # default: "/etc/dkimproxy/dkimproxy_in.conf" DKIMPROXY_IN_CONF="/etc/dkimproxy/dkimproxy_in.conf" # configuration file to use for dkimproxy.out # default: "/etc/dkimproxy/dkimproxy_out.conf" DKIMPROXY_OUT_CONF="/etc/dkimproxy/dkimproxy_out.conf" # user and group of the dkimproxy daemons # default: dkimproxy #DKIMPROXYUSER=dkimproxy #DKIMPROXYGROUP=dkimproxy # hostname for verification "Authentication-Results" header # Feel free to use hostname -f if that fits you, but then make # sure that your DNS dkim key entry is setup accordingly with # something like _domainkey.mx.example.com # default: `hostname -d` #DKIM_HOSTNAME=`hostname -d` DKIM_HOSTNAME='anarcha.pink' # domains to sign for; specify multiple domains separated by commas # default: `hostname -d` and domains parsed from /var/lib/dtc/etc/local_domains #DOMAIN=`hostname -d` DOMAIN='anarcha.pink' # Number of pre-forked process that dkimproxy should keep ready for action. # The best value for performances is 5 on a single core server. It would # seem reasonable to add at least one process per core on your server. # Each process will take about 2MB of RAM, so with a value of 2 for both # the in and the out daemon, dkimproxy will use 10/12 MB of RAM. # default: 5 #DKIMPROXY_IN_MIN_SERVERS=5 #DKIMPROXY_OUT_MIN_SERVERS=5 La configuration de dkimproxy a nécessité de modifier la configuration d'[[opensmtpd|opensmtpd]]. Elle a aussi nécessité l'édition de la configuration DNS auprès de notre registrar (gandi).