DKIMproxy導入記録です。前記事は。
DKIMproxy導入覚書-はまり処満載で撃沈寸前!その1
DKIMproxy導入覚書-はまり処満載で撃沈寸前!その2
DKIMproxy導入覚書-はまり処満載で撃沈寸前!その3
送信ドメイン認証導入総括
今回新サーバに導入の覚書です。
上記手順でインストールは問題なく動作確認もsa-test@sendmail.netへの送信テストの結果は以下
———————————————————————————————————–
sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $
This
service runs at <sa-test@sendmail.net> and allows
remote users
to perform a simple, automated test to see if different
Sender
Authentication schemes are working. Mail sent to this service
is
checked by our Sender Authentication filters for any valid
credentials or
signatures. A script receives the message, checks
for a special header with
the results of the tests, and composes
this response message based on what it
finds. This response is also
signed with DomainKeys Identified Mail
(DKIM).
Please note that the DKIM filter signing this reply message
conforms
to the latest IETF standard version, and thus may not be successfully
verified by older implementations. If you are using dkim-filter
from
Sendmail, Inc., upgrade to OpenDKIM to be compatible with the
most
recent version of DKIM.
Note that DomainKeys has been removed in
favor of DKIM. Sites still
using DomainKeys should upgrade to DKIM
ASAP.
We hope this service has been helpful to you.
Authentication
System: DomainKeys Identified Mail (DKIM)
Result: DKIM signature confirmed GOOD
Description: Signature
verified, message arrived intact
Reporting host:
services.sendmail.com
More information: http://dkim.org/
Sendmail milter: http://opendkim.org/
Authentication
System: Sender ID
Result: SID data confirmed GOOD
Description: Sending host is authorized for
sending domain
Reporting host: services.sendmail.com
More
information: http://www.microsoft.com/senderid
Sendmail milter: https://sourceforge.net/projects/sid-milter/
Authentication
System: Sender Permitted From (SPF)
Result: SPF
data confirmed GOOD
Description: Sending host is authorized
for sending domain
Reporting host: services.sendmail.com
More information: http://openspf.org/
————————————————————————————————————
と問題なくyahoo.co.jp宛のメールも迷惑メールには振り分けられるもののDKIM及びDomainKey認証の結果は
以下のように問題ありませんでした。
————————————————————————————————————–
抜粋一部伏字From yoshio Fri Feb 15 15:23:32 2013
X-Apparently-To: | **********@yahoo.co.jp via 183.79.100.191; Fri, 15 Feb 2013 15:39:09 +0900 |
Return-Path: | <yoshio@hstech.jp> |
X-YahooFilteredBulk: | 219.105.37.34 |
X-Originating-IP: | [219.105.37.34] |
Received-SPF: | pass (dns.hstech-net.com: domain of yoshio@hstech.jp designates 219.105.37.34 as permitted sender) receiver=dns.hstech-net.com; client-ip=219.105.37.34; envelope-from=yoshio@hstech.jp; |
Authentication-Results: | mta536.mail.kks.yahoo.co.jp from=hstech.jp; domainkeys=pass (ok); dkim=pass (ok) header.i=@hstech.jp |
Received: | from 219.105.37.34 (EHLO dns.hstech-net.com) (219.105.37.34) by mta536.mail.kks.yahoo.co.jp with SMTP; Fri, 15 Feb 2013 15:39:09 +0900 |
Received: | from dns.hstech-net.com (dns.hstech-net.com [127.0.0.1]) by dns.hstech-net.com (Postfix) with ESMTP id 18EF45C0B3F for <ikuko_kimura@yahoo.co.jp>; Fri, 15 Feb 2013 15:23:36 +0900 (JST) |
DKIM-Signature: | v=1; a=rsa-SHA256; c=relaxed; d=hstech.jp; h=message-id :from:to:subject:date:mime-version:content-type :content-transfer-encoding; s=hstech; bh=cm3wifXTQb1BDJmgLrqwHaa Kt7jTusy9rHJ3pkuNlJs=; b=PKkorais8kG257bvNjob63kDv8RAyiuoOu/10/3 EIrbGQr9PTfpd6vPGptkudE+9tfM+6ZXz7bXA+g3Ukyx6OxWr6uQpz45mGYoyJ3l rj8++uXS0V7He26KHkw7FjvV7hXIs+TKPfMrSz9VdOELIiWC0poJNqt0ecuP7SLe jmU0= |
DomainKey-Signature: | a=rsa-SHA1; c=nofws; d=hstech.jp; h=message-id:from :to:subject:date:mime-version:content-type :content-transfer-encoding; q=dns; s=hstech; b=Am5JobuxbZDZVG6Il 6ywnf8z208bZ4fhMnlnf4lfWt3rZPG6lU6EfIspXxkzAWg60Dg4S3NHp3s0LcSjD N13VIFJyLUo5slPTO0ial/81aHdJlcDhzOhhNMgiKayjjWx/Vk6pPyhlgMPUA3CT U6hIlLojIly371xsyPBu+/Fo6w= |
Received: | from hstechPC1 (unknown [192.168.120.100]) by dns.hstech-net.com (Postfix) with ESMTPA id 0869E5C0B3E for <********@yahoo.co.jp>; Fri, 15 Feb 2013 15:23:36 +0900 (JST) |
Message-ID: | <C40F24C9FBA74AA2A816EA703FDDE9D9@hstechPC1> |
From: | “yoshio” <yoshio@hstech.jp> |
以下略
————————————————————————————————————————————————————————-
次に前回問題なかったgmail宛にテストメールを送信しヘッダー情報を確認しました。
すると前回旧サーバでDKIM署名のテストをしたときの結果と異なりました。
前回のAuthentication-Results結果
Authentication-Results: mx.google.com; spf=pass (google.com: domain of yoshio@hstech.net designates 219.105.37.35 as permitted sender) smtp.mail=yoshio@hstech.net
今回のAuthentication-Results結果
Authentication-Results: mx.google.com; spf=pass (google.com: domain of yoshio@hstech.jp designates 219.105.37.34 as permitted sender) smtp.mail=yoshio@hstech.jp;
dkim=neutral (no key) header.i=@ と叱られた
ぬ!no keyってなんじゃい!とここからgoogle先生に教えを請いました。以下次回