尚未測試成功

domainkeys filter for postfix

[1.] cpan2rpm -i Crypt::OpenSSL::RSA
cpan2rpm -i Mail::Address
cpan2rpm -i MIME::Base64
cpan2rpm -i Net::DNS
cpan2rpm -i Net::Server
cpan2rpm -i Test::More

[2.] wget http://jason.long.name/dkfilter/dkfilter-0.10.tar.gz

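# Unpack, build and install dkfilter under /usr/local/dkfilter.
# The tarball was downloaded over plain HTTP by the wget step; verify it
# against a checksum or signature from a trusted source before building.
# The archive name matches the file wget actually saved (.tar.gz).
tar zxvf dkfilter-0.10.tar.gz
cd dkfilter-0.10
# The option prefix is two ASCII hyphens; a typographic dash is not parsed
# as an option by configure.
./configure --prefix=/usr/local/dkfilter
make install

# Dedicated unprivileged account for the filter daemons.
# NOTE(review): useradd gives this account the distribution's default login
# shell; if init-script.sh does not need one to start the daemons, a
# non-login shell would be tighter. Confirm against the init script.
groupadd dkfilter
useradd -g dkfilter -d /usr/local/dkfilter dkfilter

# Install the init script shipped in the source tree.
cp init-script.sh /etc/init.d/dkfilter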

[3.] 設定 InBound filter,到/usr/local/dkfilter/bin手動執行
# Start the inbound (verifying) filter by hand. The first address is where
# the filter listens and the second is where it hands mail back to Postfix;
# they match the 10025/10026 ports in the master.cf excerpt that follows.
# NOTE(review): started from an interactive shell, the filter runs with that
# shell's privileges; presumably it should run as the dkfilter account
# created earlier rather than as root. Confirm.
./dkfilter.in 127.0.0.1:10025 127.0.0.1:10026

vi /etc/postfix/master.cf:

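# -------------------------------------------------------------------------|
#
# Before-filter SMTP server. Receive mail from the network and
# pass it to the content filter on localhost port 10025.
#
# master.cf syntax: the "-" field placeholders are ASCII hyphens, and each
# "-o name=value" override sits on a continuation line that starts with
# whitespace. Typographic dashes or unindented "-o" lines do not parse.
#
smtp inet n - n - - smtpd
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
#
# After-filter SMTP server. Receive mail from the content filter on
# localhost port 10026.
#
# This listener is bound to 127.0.0.1, and with mynetworks overridden to
# 127.0.0.0/8 plus smtpd_recipient_restrictions=permit_mynetworks,reject
# only loopback clients may hand mail to it. The client/helo/sender/data
# restriction lists are emptied here; the before-filter smtpd above is the
# place where those checks are expected to have run already.
# Keep the bind address and mynetworks on loopback: anything that can reach
# this port bypasses the before-filter checks and the DomainKeys filter.
#
127.0.0.1:10026 inet n - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o receive_override_options=no_unknown_recipient_checks

# -------------------------------------------------------------------------|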

postfix reload

設定OutBound filter

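# Generate the signing key pair for the outbound filter.
# The private key is created inside a subshell with umask 077 so that it is
# never readable by group or other, even before the chown below.
# NOTE(review): 1024-bit RSA is weak by current standards; a 2048-bit key is
# preferable where the signing filter and the DNS TXT record handling support
# it. The sample public key and DNS record shown after this step are for a
# 1024-bit key.
( umask 077 && openssl genrsa -out private.key 1024 )
# The public half is what gets published in DNS; it is not secret.
openssl rsa -in private.key -pubout -out public.key

# Hand the install tree (including the key, if it was generated there) to the
# unprivileged filter account so the daemon can read it without root.
chown -R dkfilter /usr/local/dkfilter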

cat public.key

# ------------------------------------------------------------
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB1BaFBFzw+lCWQ7+5IpUAXzwZ
y11jPxsPzvmQS4Ot+p96olLW1S5ZA89AgfSfjXduN8IurPMaPJ2ZBTk+aYRycPYO
L0ZYmE67h3WH/eYHTH7QeIyLOXRFh5ixLTDACs+WrCOzPVNgDu6jBY5bEOyFBbug
gM2CXak++wpKpK9Y2QIDAQAB
-----END PUBLIC KEY-----
# ------------------------------------------------------------

vi /var/named/zone.ssorc.tw

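; DomainKeys selector record for selector "testdkfilter".
; p= must be the exact base64 body of public.key with the BEGIN/END lines and
; the line breaks removed. A single missing or altered character makes every
; signature fail verification, so compare it against `cat public.key` after
; editing the zone.
; The value is enclosed in plain ASCII double quotes; typographic quotes are
; not valid zone-file syntax.
; t=y marks the domain as being in testing mode; remove it once signing has
; been confirmed to work.
testdkfilter._domainkey IN TXT "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB1BaFBFzw+lCWQ7+5IpUAXzwZy11jPxsPzvmQS4Ot+p96olLW1S5ZA89AgfSfjXduN8IurPMaPJ2ZBTk+aYRycPYOL0ZYmE67h3WH/eYHTH7QeIyLOXRFh5ixLTDACs+WrCOzPVNgDu6jBY5bEOyFBbuggM2CXak++wpKpK9Y2QIDAQAB"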

手動執行
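# Start the outbound (signing) filter by hand: it listens on 127.0.0.1:10027
# and hands signed mail back to Postfix on 127.0.0.1:10028.
# Long options take two ASCII hyphens; typographic dashes are not recognised.
# --selector and --domain must match the DNS record name
# (testdkfilter._domainkey in the ssorc.tw zone).
# The key file should be readable only by the account the filter runs as;
# anyone who can read it can sign mail as this domain.
./dkfilter.out \
  --keyfile=/usr/local/dkfilter/private.key \
  --selector=testdkfilter \
  --domain=ssorc.tw \
  --method=nofws \
  127.0.0.1:10027 127.0.0.1:10028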

vi /etc/postfix/master.cf

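# --------------------------------------------------
#
# modify the default submission service to specify a content filter
# and restrict it to local clients and SASL authenticated clients only
#
# master.cf syntax: the "-" field placeholders are ASCII hyphens, and each
# "-o name=value" override sits on a continuation line that starts with
# whitespace.
#
# NOTE(review): SASL authentication is enabled on this service, but nothing
# in this excerpt requires TLS before AUTH. Unless main.cf already enforces
# it, credentials can cross the network in cleartext; once TLS is configured,
# consider adding smtpd_tls_security_level=encrypt (or
# smtpd_tls_auth_only=yes) to this service.
#
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[127.0.0.1]:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#
# specify the location of the DomainKeys signing filter
#
# 8bitmime is discarded from the filter's EHLO reply, presumably so the
# message is not re-encoded after it has been signed. Confirm against the
# dkfilter documentation.
#
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime

#
# service for accepting messages FROM the DomainKeys signing filter
#
# content_filter is cleared so signed mail is not sent through the filter
# again. The listener is bound to 127.0.0.1 and, with mynetworks overridden
# to 127.0.0.0/8 and smtpd_recipient_restrictions=permit_mynetworks,reject,
# accepts mail from loopback clients only. Keep it that way: anything that
# can reach this port is relayed without the submission service's
# authentication checks.
#
127.0.0.1:10028 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

# --------------------------------------------------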

postfix reload

[4.] 進行測試,到 http://domainkeys.sourceforge.net/ 的 “DomainKeys DNS Testing Tools”

參考

http://jason.long.name/dkfilter/
http://www.enterux.com/en/resources/yahoo-domainkeys-howto-debian
http://www.howtoforge.com/how-to-implement-domainkeys-in-postfix-using-dk-milter-centos5.1
http://www.howtoforge.com/postfix-dkim-with-dkim-milter-centos5.1

最後修改日期: 2012 年 07 月 01 日
