安装一

dkim-filter 安装源 下载地址

wget http://download.fedora.redhat.com/pub/epel/5/i386/dkim-milter-2.8.3-8.el5.i386.rpm

wget http://www.mysfony.com/m/dkim-milter-2.8.3-8.el5.i386.rpm


http://nchc.dl.sourceforge.net/project/dkim-milter/DKIM%20Milter/2.8.3/dkim-milter-2.8.3.tar.gz

rpm -ivh dkim-milter-2.8.3-4.el5.i386.rpm


安装二:

yum install openssl openssl-devel sendmail-devel sendmail

wget -c ftp://ftp.sunet.se/pub/Linux/distributions/fedora/epel/epel/6/x86_64/dkim-milter-2.8.3-8.el6.x86_64.rpm

rpm -ivh dkim-milter-2.8.3-8.el6.x86_64.rpm

------------------------------------------------------------------------------------

mkdir -p /etc/mail/dkim-milter/keys/domain1.com

cd /etc/mail/dkim-milter/keys/domain1.com

dkim-genkey -r -d domain1.com


/usr/sbin/dkim-genkey  -r -d domain1.com


然后把这个default.txt的内容组织一下放到DNS上,增加一条domain=default._domainkey.mail.banping.com的txt记录,内容类似这样:

v=DKIM1;p=MIGfMA0GCSqGSIb898L9LKJ7dDFGNADCBiQKBgQCU1iD47S+n92ZeXKL444Kg7VzkczqN5xZnx6px1C+/hImMNoQvF3X6HXLG1+OzO7s8Odf3lhpqgGWq+atFKT3YUZUY3vAL983LIKJIWo+988QIB5iw1cotBretF0TFWVdf4weNyPrC1Qtvm8kQswIDAQAB" ;

把私钥放到想要的位置: mv default.private /etc/mail/dkim-milter/keys/domain1.com

----------------------------------------------------------------------------------

现在我们对 dkim 配置 ,有两种方法。

第一种是配置keylist

vi /etc/mail/dkim-milter/keys/keylist

*@domain1.com:mail.domain1.com:/etc/mail/dkim-milter/keys/domain1.com/default.private


第二种不动这个文件

把私钥位置配置在dkim-filter.conf文件中,由KeyFile参数指定:


vi /etc/mail/dkim-milter/dkim-filter.conf

----------------------------------------------------------------

ADSPDiscard             yes

ADSPNoSuchDomain        yes

AllowSHA1Only           no

AlwaysAddARHeader       no

AutoRestart             yes

AutoRestartRate         10/1h

BaseDirectory           /var/run/dkim-milter

Canonicalization        simple/simple

#Domain                 domain1.com#add all your domains here and seperate them with comma

#ExternalIgnoreList      /etc/mail/dkim/trusted-hosts

#InternalHosts           /etc/mail/dkim/trusted-hosts

KeyList                  /etc/mail/dkim-milter/keys/keylist

#LocalADSP               /etc/mail/dkim/local-adsp-rules

Mode                    sv

MTA                     MSA

On-Default              reject

On-BadSignature         reject

On-DNSError             tempfail

On-InternalError        accept

On-NoSignature          accept

On-Security             discard

#PidFile                 /var/run/dkim-milter/dkim-milter.pid

#QueryCache              yes

RemoveOldSignatures     yes

Selector                default

SignatureAlgorithm      rsa-sha1

Socket                  inet:20118@localhost

Syslog                  yes

SyslogSuccess           yes

LogWhy                  yes

TemporaryDirectory      /var/tmp

UMask                   022

UserID                  dkim-milter:dkim-milter

X-Header                yes


------------------------------------------------

AutoRestart yes

Domain mail.domain1.com

Selector default

Socket inet:20118@localhost

Syslog Yes

X-Header Yes

KeyFile /etc/mail/dkim-milter/keys/domain1.com/default.private

-------------------------------------------------------------------------------


至此DKIM配置完成,再修改postfix中的配置,在发信的时候启用加密功能:

vi /etc/postfix/main.cf

smtpd_milters = inet:localhost:20118//这里也可以是不使用端口smtpd_milters = unix:/var/run/dkim-milter/dkim-milter.sock

non_smtpd_milters = inet:localhost:20118  //non_smtpd_milters = unix:/var/run/dkim-milter/dkim-milter.sock

milter_protocol = 2

milter_default_action = accept


chown -R dkim-milter.dkim-milter /etc/mail/dkim-milter/keys

service dkim-milter start

service postfix reload

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


然后做一个启动的文件

vi /etc/rc.d/init.d/dkim-milter

##########################################################

#

#

# dkim-milter:

#

# chkconfig: 2345 75 35

# processname: dkim-milter

# description: dkim milter

source /etc/rc.d/init.d/functions

PROG=/usr/sbin/dkim-filter

PID=/var/milter/dkim-milter.pid

CONF=/etc/mail/dkim-filter.conf

SOCKET=inet:20118

DOMAINLIST="域名"

SELECTOR="名字"

KEY="/etc/pki/dkim-milter/${SELECTOR}.private"

ILIST="/etc/pki/dkim-milter/ilist"

RETVAL=0

 start() {

   echo -n $"Starting dkim-milter: "

   $PROG -p $SOCKET -d $DOMAINLIST -k $KEY -l -P $PID -s $SELECTOR -i $ILIST -x $CONF


   RETVAL=$?

   echo

     [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dkim-milter

     return $RETVAL

 }


 stop() {

   echo -n $"Shutting down dkim-milter: "

   killproc $PROG

   RETVAL=$?

   echo

     [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/dkim-milter

     return $RETVAL

 }


 restart() {

   stop

   start

 }


 case "$1" in

   start)

     start

   ;;

   stop)

     stop

   ;;

   restart)

     restart

   ;;

   status)

     status $PROG

     RETVAL=$?

     ;;

 *)

 echo $"Usage: $0 {start|stop|restart|status}"

 RETVAL=1

 esac

 exit;

##########################################################

然后给权限~

chmod 755 /etc/rc.d/init.d/dkim-milter


上面的做完以后,就可以用

/etc/rc.d/init.d/dkim-milter start

来启动dkim的服务了,通过ps -awxuf | grep dkim可以查看到


可以到以下地址来测试DKIM和SPF服务是否正常:

http://www.brandonchecketts.com/emailtest.php

http://www.openspf.org/Why?show-form=1


来自http://www.banping.com/2011/07/19/postfix-dkim/

http://www.doc88.com/p-184601169276.html