DKIM
apt install opendkim opendkim-tools
- le sélecteur est le nom renseigné au niveau du DNS, ex. : {my_selector}._domainkey IN TXT ....
- contenu du fichier /etc/opendkim/opendkim.conf
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
# NOTE(review): the active Socket below is a TCP (inet) socket and the local
# socket line is commented out, so this mostly matters if that line is
# re-enabled -- confirm.
UMask 007
# Single-key signing settings. Replace ${my_tld} with the signing domain and
# ${my_selector} with the selector; the selector must be the one published in
# DNS as <selector>._domainkey.<domain>.
# NOTE(review): KeyTable and SigningTable are also defined further down; per
# opendkim.conf(5) they take precedence over Domain/KeyFile/Selector, so these
# three lines are presumably only a fallback -- confirm which set is intended.
Domain ${my_tld}
# Private signing key. It should be readable only by the account opendkim runs
# as (see UserID below); anyone who can read this file can sign mail for the
# domain.
KeyFile /etc/opendkim/opendkim.key
Selector ${my_selector}
# Milter socket: TCP port 8892, bound to localhost only. The MTA's milter
# setting has to point at this same address and port.
Socket inet:8892@localhost
#Socket local:/var/run/opendkim/opendkim.sock
PidFile /var/run/opendkim/opendkim.pid
# Oversign From: besides the real From field, the signature also covers an
# empty one, so that a From header added between the signer and the verifier
# invalidates the signature. From is oversigned by default in the Debian
# package because it is often the identity key used by reputation systems and
# thus somewhat security sensitive.
OversignHeaders From
## TrustAnchorFile filename
## default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
## at http://unbound.net for the expected format of this file.
TrustAnchorFile /usr/share/dns/root.key
## Userid userid
### default (none)
###
### Change to user "userid" before starting normal operation? May include
### a group ID as well, separated from the userid by a colon.
#
# Run as the unprivileged "opendkim" account rather than root.
UserID opendkim
# Our KeyTable and SigningTable
# KeyTable maps a key name to domain:selector:private-key-file; SigningTable
# maps sender addresses to a key name. The "refile:" prefix makes the file's
# keys patterns, which is what allows wildcard entries such as *@domain.
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
# Trusted Hosts
# Both settings read the same list. Mail arriving from a host in InternalHosts
# is signed rather than verified, so keep the file limited to hosts that are
# really allowed to send as this domain.
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
- contenu du fichier /etc/opendkim/KeyTable
# Columns: key name (here the domain name), then
# signing domain : selector : path to the private key file.
# The key name in the first column is what SigningTable entries refer to.
{my_tld} {my_tld}:{my_selector}:/etc/opendkim/opendkim.key
- contenu du fichier /etc/opendkim/SigningTable
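# Columns: sender address pattern, then key name. The key name must match the
# first column of the corresponding KeyTable entry ({my_tld}), otherwise no
# key is found for the sender and the mail goes out unsigned.
*@{my_tld} {my_tld}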