DKIM
De TwisterWiki
apt install opendkim opendkim-tools
- le selector est le nom renseigner au niveau du dns ex: {my_sqlector}._domainkey IN TXT ....
- contenu du fichier /etc/opendkim/opendkim.conf
# Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) UMask 007 # Sign for example.com with key in /etc/dkimkeys/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) Domain {my_tld} KeyFile /etc/opendkim/opendkim.key Selector {my_selector} Socket inet:8892@localhost #Socket local:/var/run/opendkim/opendkim.sock PidFile /var/run/opendkim/opendkim.pid # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From ## TrustAnchorFile filename ## default (none) ## ## Specifies a file from which trust anchor data should be read when doing ## DNS queries and applying the DNSSEC protocol. See the Unbound documentation ## at http://unbound.net for the expected format of this file. TrustAnchorFile /usr/share/dns/root.key ## Userid userid ### default (none) ### ### Change to user "userid" before starting normal operation? May include ### a group ID as well, separated from the userid by a colon. # UserID opendkim # Our KeyTable and SigningTable KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable # Trusted Hosts ExternalIgnoreList /etc/opendkim/TrustedHosts InternalHosts /etc/opendkim/TrustedHosts
- contenu du fichier /etc/opendkim/Keytable
# nom de domaine nom de domaine selector fichier clef priv {my_tld} {my_tld}:{my_selector}:/etc/opendkim/opendkim.key
- contenu du fichier /etc/opendkim/SigningTable
*@{my_tld} my_tld}