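Now it is finally time to try adding a signature.
The other settings are already done, so all that is left is to add the entries to Postfix's master.cf.
Reference site: http://dkimproxy.sourceforge.net/postfix-outbound-howto.html
I use port 587 with sasl-auth, so only mail that arrives on this port is signed.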
#
# modify the default submission service to specify a content filter
# and restrict it to local clients and SASL authenticated clients only
#
submission inet n - n - - smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[127.0.0.1]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # I added this line because sending from outside mynetworks was not possible.
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#
# specify the location of the DKIM signing proxy
# Note: we allow "4" simultaneous deliveries here; high-volume sites may
# want a number higher than 4.
# Note: the smtp_discard_ehlo_keywords option requires Postfix 2.2 or
# better. Leave it off if your version does not support it.
#
dksign unix - - n - 4 smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime,starttls
#
# service for accepting messages FROM the DKIM signing proxy
#
127.0.0.1:10028 inet n - n - 10 smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
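A way to sanity-check the wiring above before sending a test message, as an added example that is not code from the original post or from DKIMproxy. The function names and the abridged sample are constructed for illustration, and the parser assumes well-formed entries that use only the `-o name=value` form shown on this page.

```python
# Constructed sample: the page's master.cf entries, abridged.
SAMPLE = """\
submission inet n - n - - smtpd
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[127.0.0.1]:10027
    # comment lines may sit between continuation lines
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dksign unix - - n - 4 smtp
127.0.0.1:10028 inet n - n - 10 smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Map service name -> {"type", "command", "opts"}; handles only '-o name=value'."""
    services, args = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if raw[0].isspace() and args is not None:
            args += raw.split()               # leading whitespace continues the entry
            continue
        f = raw.split()
        args = f[8:]
        services[f[0]] = {"type": f[1], "command": f[7], "args": args}
    for svc in services.values():
        a = svc.pop("args")
        svc["opts"] = dict(v.split("=", 1) for k, v in zip(a, a[1:]) if k == "-o" and "=" in v)
    return services

def audit(text, signer="dksign"):
    """Return findings; an empty list means the signing loop is wired as intended."""
    svcs, findings = parse_master_cf(text), []
    sub = svcs.get("submission", {}).get("opts", {})
    if not sub.get("content_filter", "").startswith(signer + ":"):
        findings.append("submission is not routed to the signing transport")
    if sub.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("submission does not enable SASL authentication")
    if svcs.get(signer, {}).get("type") != "unix":
        findings.append("signing transport %r is missing" % signer)
    # A listener that clears content_filter is the re-injection side of the loop.
    back = {n: s["opts"] for n, s in svcs.items() if s["opts"].get("content_filter") == ""}
    if not back:
        findings.append("no re-injection listener with an empty content_filter")
    for name, opts in back.items():
        if not name.startswith("127.0.0.1:"):
            findings.append(name + ": re-injection listener is not loopback-only")
        if opts.get("mynetworks") != "127.0.0.0/8":
            findings.append(name + ": mynetworks is wider than loopback")
    return findings
```

The re-injection listener clears its HELO, client and sender restrictions, so the loopback bind address and the loopback-only `mynetworks` are what keep it from accepting mail from other hosts.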
Now, at last, the send test. I send a mail to sa-test@sendmail.net.
Before long the reply arrived. And the result:
sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $

This service runs at <sa-test@sendmail.net> and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys Identified Mail (DKIM).

Please note that the DKIM filter signing this reply message conforms to the latest IETF standard version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to OpenDKIM to be compatible with the most recent version of DKIM.

Note that DomainKeys has been removed in favor of DKIM. Sites still using DomainKeys should upgrade to DKIM ASAP.

We hope this service has been helpful to you.

Authentication System: DomainKeys Identified Mail (DKIM)
Result: DKIM signature confirmed GOOD
Description: Signature verified, message arrived intact
Reporting host: services.sendmail.com
More information: http://dkim.org/
Sendmail milter: http://opendkim.org/

Authentication System: Sender ID
Result: SID data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: services.sendmail.com
More information: http://www.microsoft.com/senderid
Sendmail milter: https://sourceforge.net/projects/sid-milter/

Authentication System: Sender Permitted From (SPF)
Result: SPF data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: services.sendmail.com
More information: http://openspf.org/
Huh!
DKIM signature confirmed GOOD
So that means the DNS domain key record is fine???
As a test, I re-verified it with this site.
http://dkimcore.org/tools/dkimrecordcheck.html
The result: This is a valid DKIM key record
It looks like the DNS settings can stay as they are??? What was that whole day for?