DKIM on Debian lenny

Tuesday 12 April 2011

A quick memo on setting up DKIM signing for your (outgoing) messages.

Required packages (Debian lenny):

postfix

dkim-filter

dkimproxy

 

Postfix configuration:

/etc/postfix/main.cf

# DKIM configuration

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891

/etc/postfix/master.cf

At the beginning of the section:

smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=dksign:[127.0.0.1]:10027

and at the end of the section:

# declaration of the dksign service
dksign    unix  -       -       n       -       4       smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime

127.0.0.1:10028 inet n  -       n       -       10      smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

 

dkim-filter configuration:

# Sign for example.com with key in /etc/dkimproxy/example.key using
# selector 'dkim' (e.g. dkim._domainkey.example.com)
Domain            example.com
KeyFile                /etc/dkimproxy/example.key
Selector        dkim
Socket                  inet:8891@localhost

 

dkimproxy uses two configuration files:

dkimproxy_in.conf
# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10025

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10024

/etc/dkimproxy/dkimproxy_out.conf
# specify what address/port DKIMproxy should listen on
listen    127.0.0.1:10027

# specify what address/port DKIMproxy forwards mail to
relay     127.0.0.1:10028

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
# Note that this is set in /etc/init.d/dkimproxy in this Debian package
# unactivate it there if you want to use the config file
domain    example.com

# specify what signatures to add
#signature dkim(c=relaxed)
#signature domainkeys(c=nofws)

# specify location of the private key
keyfile   /etc/dkimproxy/example.com.key

# specify the selector (i.e. the name of the key record put in DNS)
selector  dkim

 

# generate the RSA key pair

openssl genrsa -out example.com.key 1024
openssl rsa -in example.com.key -pubout -out example.com_pub.key
# check the public key published in DNS
dig  dkim._domainkey.example.com txt
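
The dig check above only shows that a record exists. The following sketch, added here and not part of the original memo, compares the p= value published in DNS with the public key file written by openssl. The function names and the sample key strings are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: does the key published in DNS match the local public key?

# Base64 body of a PEM public key as one line (header and footer dropped).
pem_to_p() {
    grep -v '^-----' "$1" | tr -d ' \t\r\n'
}

# p= tag of a DKIM TXT record as printed by "dig +short". Long records come
# back as several quoted strings; strip quotes and gaps before splitting tags.
# Assumes the name holds a single TXT record.
txt_to_p() {
    printf '%s' "$1" | tr -d '" \t\r\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# usage: check_dkim_record <pubkey.pem> <txt-record>; returns 0 on match
check_dkim_record() {
    local_p=$(pem_to_p "$1")
    dns_p=$(txt_to_p "$2")
    if [ -z "$dns_p" ]; then
        echo "FAIL: no key in record (missing TXT, or empty p= meaning revoked)"
        return 1
    fi
    if [ "$local_p" != "$dns_p" ]; then
        echo "FAIL: DNS publishes a different key than $1"
        return 1
    fi
    echo "OK: DNS key matches $1"
}

# Constructed sample data (placeholder strings, not a usable key).
demo() {
    a=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsampleONLY0000
    b=notAREALkey1111AAAABBBBccccIDAQAB
    pem=$(mktemp)
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' "$a" "$b" \
        '-----END PUBLIC KEY-----' > "$pem"
    check_dkim_record "$pem" "\"v=DKIM1; k=rsa; p=$a\" \"$b\""
    rc=$?
    rm -f "$pem"
    return $rc
}

demo
# Live check with the names used in this memo:
# check_dkim_record example.com_pub.key "$(dig +short dkim._domainkey.example.com txt)"
```

A mismatch here means receivers will fail verification even though the signing daemon is running, typically because the DNS record was pasted from a different key or was truncated.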