ateliers:serveurmail:dkimproxy
Ceci est une ancienne révision du document !
On a d'abord tenté d'utiliser opendkim qui est un logiciel avec moins de dépendances mais qui semble être compatible seulement avec postfix. On a donc choisi d'utiliser dkimproxy
$ apt-get install dkimproxy
Nous avons commencé à modifier les configurations /etc/dkimproxy/dkimproxy_in.conf et /etc/dkimproxy/dkimproxy_out.conf.
/etc/dkimproxy/dkimproxy_in.conf # specify what address/port DKIMproxy should listen on listen 127.0.0.1:10026 # specify what address/port DKIMproxy forwards mail to relay 127.0.0.1:10024
/etc/dkimproxy/dkimproxy_out.conf # specify what address/port DKIMproxy should listen on listen 127.0.0.1:10028 # specify what address/port DKIMproxy forwards mail to relay 127.0.0.1:10029 # specify what domains DKIMproxy can sign for (comma-separated, no spaces) domain anarcha.pink # specify what signatures to add signature dkim(a=rsa-sha256,c=relaxed) signature domainkeys(a=rsa-sha1,c=nofws) # specify location of the private key keyfile /etc/dkimproxy/private.key # specify the selector (i.e. the name of the key record put in DNS) selector mail # control how many processes DKIMproxy uses # - more information on these options (and others) can be found by # running `perldoc Net::Server::PreFork'. #min_servers 5 #min_spare_servers 2
Nous avons généré les clés dkim en utilisant la commande openssl openssl
$ openssl genrsa -out private.key 2048 $ openssl rsa -in private.key -pubout -out public.key $ chown dkimproxy: private.key
Nous avons modifié aussi la configuration par défaut
/etc/default/dkimproxy # Default configuration for dkimproxy. # which daemons whould be run; anything other than '1' will disable a daemon # default: 1 RUN_DKIMPROXY_OUT=1 RUN_DKIMPROXY_IN=1 # The following variables specify configuration to be passed as arguments to # the dkimproxy daemons. If a variable is commented out, the default value # within the /etc/init.d/dkimproxy script will be used. If a variable is unset # or set to an empty value, the corresponding argument will be omitted from # the dkimproxy command line, and dkimproxy is free to read a value from its # own configuration file or use its own default value. # configuration file to use for dkimproxy.in # default: "/etc/dkimproxy/dkimproxy_in.conf" DKIMPROXY_IN_CONF="/etc/dkimproxy/dkimproxy_in.conf" # configuration file to use for dkimproxy.out # default: "/etc/dkimproxy/dkimproxy_out.conf" DKIMPROXY_OUT_CONF="/etc/dkimproxy/dkimproxy_out.conf" # user and group of the dkimproxy daemons # default: dkimproxy #DKIMPROXYUSER=dkimproxy #DKIMPROXYGROUP=dkimproxy # hostname for verification "Authentication-Results" header # Feel free to use hostname -f if that fits you, but then make # sure that your DNS dkim key entry is setup accordingly with # something like _domainkey.mx.example.com # default: `hostname -d` #DKIM_HOSTNAME=`hostname -d` DKIM_HOSTNAME='anarcha.pink' # domains to sign for; specify multiple domains separated by commas # default: `hostname -d` and domains parsed from /var/lib/dtc/etc/local_domains #DOMAIN=`hostname -d` DOMAIN='anarcha.pink' # Number of pre-forked process that dkimproxy should keep ready for action. # The best value for performances is 5 on a single core server. It would # seem reasonable to add at least one process per core on your server. # Each process will take about 2MB of RAM, so with a value of 2 for both # the in and the out daemon, dkimproxy will use 10/12 MB of RAM. # default: 5 #DKIMPROXY_IN_MIN_SERVERS=5 #DKIMPROXY_OUT_MIN_SERVERS=5
ateliers/serveurmail/dkimproxy.1518961482.txt.gz · Dernière modification : 2018/02/18 14:44 de sakasama