ateliers:serveurmail:dkimproxy

We first tried to use opendkim, which is software with fewer dependencies but which seems to be compatible only with postfix. We therefore chose to use dkimproxy.

  $ apt-get install dkimproxy

We began by modifying the configuration files /etc/dkimproxy/dkimproxy_in.conf and /etc/dkimproxy/dkimproxy_out.conf.

/etc/dkimproxy/dkimproxy_in.conf
# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10026
 
# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10024
/etc/dkimproxy/dkimproxy_out.conf
# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10028
 
# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10029
 
# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain    anarcha.pink
 
# specify what signatures to add
signature dkim(a=rsa-sha256,c=relaxed)
signature domainkeys(a=rsa-sha1,c=nofws)
 
# specify location of the private key
keyfile   /etc/dkimproxy/private.key
 
# specify the selector (i.e. the name of the key record put in DNS)
selector  mail
 
# control how many processes DKIMproxy uses
#  - more information on these options (and others) can be found by
#    running `perldoc Net::Server::PreFork'.
#min_servers 5
#min_spare_servers 2

We generated the DKIM keys with the openssl command: a private key, then a public key derived from the private key, and we had to change the permissions of the private key for this to work.

  $ openssl genrsa -out private.key 2048
  $ openssl rsa -in private.key -pubout -out public.key
  $ chown dkimproxy: private.key
  

We also modified the default configuration.

/etc/default/dkimproxy
# Default configuration for dkimproxy.
 
# which daemons should be run; anything other than '1' will disable a daemon
# default: 1
RUN_DKIMPROXY_OUT=1
RUN_DKIMPROXY_IN=1
 
# The following variables specify configuration to be passed as arguments to
# the dkimproxy daemons. If a variable is commented out, the default value
# within the /etc/init.d/dkimproxy script will be used. If a variable is unset
# or set to an empty value, the corresponding argument will be omitted from
# the dkimproxy command line, and dkimproxy is free to read a value from its
# own configuration file or use its own default value.
 
# configuration file to use for dkimproxy.in
# default: "/etc/dkimproxy/dkimproxy_in.conf"
DKIMPROXY_IN_CONF="/etc/dkimproxy/dkimproxy_in.conf"
 
# configuration file to use for dkimproxy.out
# default: "/etc/dkimproxy/dkimproxy_out.conf"
DKIMPROXY_OUT_CONF="/etc/dkimproxy/dkimproxy_out.conf"
 
# user and group of the dkimproxy daemons
# default: dkimproxy
#DKIMPROXYUSER=dkimproxy
#DKIMPROXYGROUP=dkimproxy
 
# hostname for verification "Authentication-Results" header
# Feel free to use hostname -f if that fits you, but then make
# sure that your DNS dkim key entry is setup accordingly with
# something like _domainkey.mx.example.com
# default: `hostname -d`
#DKIM_HOSTNAME=`hostname -d`
DKIM_HOSTNAME='anarcha.pink'
 
# domains to sign for; specify multiple domains separated by commas
# default: `hostname -d` and domains parsed from /var/lib/dtc/etc/local_domains
#DOMAIN=`hostname -d`
DOMAIN='anarcha.pink'
 
# Number of pre-forked process that dkimproxy should keep ready for action.
# The best value for performances is 5 on a single core server. It would
# seem reasonable to add at least one process per core on your server.
# Each process will take about 2MB of RAM, so with a value of 2 for both
# the in and the out daemon, dkimproxy will use 10/12 MB of RAM.
# default: 5
#DKIMPROXY_IN_MIN_SERVERS=5
#DKIMPROXY_OUT_MIN_SERVERS=5

Configuring dkimproxy required modifying the opensmtpd configuration. It also required editing the DNS configuration at our registrar (gandi).
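
The page does not show the DNS record that was published at the registrar. As an added example (not part of the original page), this script builds a zone-file style TXT record from public.key for the selector `mail` and the domain `anarcha.pink` configured above; the function names and the record layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: build the DKIM TXT record for the key pair generated above.
# Assumptions: selector "mail" and domain "anarcha.pink" as in
# dkimproxy_out.conf, and public.key in the current directory.

# Print the base64 body of a PEM public key as a single line.
dkim_p_value() {
    grep -v '^-----' "$1" | tr -d ' \r\n'
}

# Print a zone-file style TXT record for SELECTOR DOMAIN PUBKEY_FILE.
# One TXT character-string holds at most 255 bytes and a 2048-bit RSA key
# is about 392 base64 characters, so the value is split into several
# quoted strings; resolvers concatenate them without separators.
dkim_txt_record() {
    selector=$1
    domain=$2
    value="v=DKIM1; k=rsa; p=$(dkim_p_value "$3")"
    chunks=$(printf '%s\n' "$value" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s. IN TXT ( %s)\n' "$selector" "$domain" "$chunks"
}

# Run against the real key only when it is present.
if [ -f public.key ]; then
    dkim_txt_record mail anarcha.pink public.key
fi
```

Once the record is published, `dig +short TXT mail._domainkey.anarcha.pink` should return the same quoted strings.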

ateliers/serveurmail/dkimproxy.txt · Last modified: 2018/02/18 17:49 by sakasama