Tmail的postfix+domainkey安装

scyzxp
Tmail的postfix+domainkey安装

系统:CentOS5.1

原创:Jacky[开源邮件技术社区]
[url]http://www.thismail.org[/url]

QQ:187159779
Email:[email]jacky@thismail.org[/email]

下载软件

[url]http://nchc.dl.sourceforge.net/sourceforge/dk-milter/dk-milter-1.0.0.tar.gz[/url]

安装dk-milter
[code]tar -zxf dk-milter-1.0.0.tar.gz

cd dk-milter-1.0.0

sh Build -c

sh Build install[/code]

详细使用参数说明
[quote]/usr/bin/dk-filter -h
dk-filter: usage: dk-filter -p socketfile [options]
-a peerlist         file containing list of hosts to ignore
-A                  auto-restart
-b modes            select operating modes
-c canon            canonicalization to use when signing
-C config           configuration info (see man page)
-d domlist          domains to sign
-D                  also sign subdomains
-f                  don't fork-and-exit
-h                  append identifying header
-H                  sign with explicit header lists
-i ilist            file containing list of internal (signing) hosts
-I elist            file containing list of external domain clients
-k                  load a key set instead of a single key
-l                  log activity to system log
-m mtalist          MTA daemon names for which to sign
-M macrolist        MTA macros which enable signing
-o hdrlist          list of headers to omit from signing
-P pidfile          file to which to write pid
-R                  generate verification failure reports
-s keyfile          location of secret key file
-S selector         selector to use when signing
-u userid           change to specified userid
-V                  print version number and terminate[/quote]


复制gentxt.sh到/usr/bin/
[code]cp dk-filter/gentxt.csh /usr/bin/gentxt.sh[/code]

生成txt记录的key
[quote]/usr/bin/gentxt.sh  default postfix.cn

default._domainkey IN TXT "k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANFN7AHPRajbA9N2URB0lGptANfauG6/saDGSgwmJxjQUnMQVcP4dkAo3XMljsiRDx3kJRZ1WJU+VRe5yefRofUCAwEAAQ==" ; ----- DomainKey default for postfix.cn[/quote]

把上面生成的txt记录加到postfix.cn的zone中去

复制生成的default.private

[code]cp dk-filter/default.private /tmail/dkim-milter/postfix.cn_default.key.pem[/code]

编辑main.cf

vi /tmail/postfix/etc/main.cf

smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

启动dkfilter

[code]/usr/bin/dk-filter -l -p inet:8891@localhost -d postfix.cn -s /tmail/dkim-milter/postfix.cn_default.key.pem -S default[/code]

发邮件到yahoo.com.cn去测试domainkey是否pass
如果一切正常你在yahoo.com.cn的邮件头中看到
[code]Authentication-Results:                mta133.mail.cnb.yahoo.com from=postfix.cn; domainkeys=pass (ok)

DomainKey-Signature:         a=rsa-sha1; s=default; d=postfix.cn; c=simple; q=dns; b=oycNtAJ+tFHP74qVuB7J5qUz0sKYfAE5AadtDCacA61tJCeXScitWAXXUB6e44bq1 Cf0XPFxOQrAI1tnZoJabA==

发件人:        "test@postfix.cn" <[email]test@postfix.cn[/email]>
                Yahoo!域名密钥已经确认这封邮件来自于 postfix.cn. 了解更多、[/code]


参考文档
[url]http://bbs.chinaunix.net/viewthread.php?tid=797739&highlight=abel[/url]

2008-5-27


[url]http://www.thismail.org/bbs/viewthread.php?tid=2834&extra=page%3D1&frombbs=1[/url]

[[i] 本帖最后由 scyzxp 于 2008-5-28 10:06 编辑 [/i]]