DKIMproxy導入覚書-はまり処満載で撃沈寸前!その3

いよいよ署名を付けてみます。

他の設定は済んでいるので、postfixのmaster.cfに記述するだけです。

参考サイト: http://dkimproxy.sourceforge.net/postfix-outbound-howto.html
sasl-authで587番ポートを使用しているのでこのポートに来たメールのみ署名をします。

# # modify the default submission service to specify a content filter

# and restrict it to local clients and SASL authenticated clients only #

submission  inet  n     -       n       -       -       smtpd

-o smtpd_etrn_restrictions=reject

-o smtpd_sasl_auth_enable=yes

-o content_filter=dksign:[127.0.0.1]:10027

-o receive_override_options=no_address_mappings

-o smtpd_client_restrictions=permit_sasl_authenticated,reject

マイネットワーク以外からの送信が出来ないのでこの行を追加しました。

-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#

# specify the location of the DKIM signing proxy

# Note: we allow "4" simultaneous deliveries here; high-volume sites may

#   want a number higher than 4.

# Note: the smtp_discard_ehlo_keywords option requires Postfix 2.2 or

#   better. Leave it off if your version does not support it.

#

dksign    unix  -       -       n       -       4       smtp

-o smtp_send_xforward_command=yes

-o smtp_discard_ehlo_keywords=8bitmime,starttls

#

# service for accepting messages FROM the DKIM signing proxy

#

127.0.0.1:10028 inet  n  -      n       -       10      smtpd

-o content_filter=

-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

-o smtpd_helo_restrictions=

-o smtpd_client_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o mynetworks=127.0.0.0/8

-o smtpd_authorized_xforward_hosts=127.0.0.0/8

さていよいよ送信テストです。sa-test@sendmail.net へメールを送信します。

程なく返信メールが来ました、さて結果は、

sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $
This service runs at <sa-test@sendmail.net> and allows remote users

to perform a simple, automated test to see if different Sender

Authentication schemes are working.  Mail sent to this service

is checked by our Sender Authentication filters for any valid

credentials or signatures.  A script receives the message, checks

for a special header with the results of the tests, and composes

this response message based on what it finds.  This response is also

signed with DomainKeys Identified Mail (DKIM).
Please note that the DKIM filter signing this reply message conforms

to the latest IETF standard version, and thus may not be successfully

verified by older implementations.  If you are using dkim-filter from

Sendmail, Inc., upgrade to OpenDKIM to be compatible with the most

recent version of DKIM.
Note that DomainKeys has been removed in favor of DKIM.  Sites still

using DomainKeys should upgrade to DKIM ASAP.
We hope this service has been helpful to you.
Authentication System:       DomainKeys Identified Mail (DKIM)

Result:                   DKIM signature confirmed GOOD 
Description:              Signature verified, message arrived intact

Reporting host:           services.sendmail.com

More information:         http://dkim.org/

Sendmail milter:          http://opendkim.org/
Authentication System:       Sender ID

Result:                   SID data confirmed GOOD

Description:              Sending host is authorized for sending domain

Reporting host:           services.sendmail.com

More information:         http://www.microsoft.com/senderid

Sendmail milter:          https://sourceforge.net/projects/sid-milter/
Authentication System:       Sender Permitted From (SPF)

Result:                   SPF data confirmed GOOD

Description:              Sending host is authorized for sending domain

Reporting host:           services.sendmail.com

More information:         http://openspf.org/

あれっ!

DKIM signature confirmed GOOD

ということは、DNSのドメインキーレコードは正常ということになりますね???

ためしにこちらのサイトで再検証してみました。

http://dkimcore.org/tools/dkimrecordcheck.html

結果は This is a valid DKIM key record

DNSの設定はこのままで良さそうです???あの一日はなんだったんだろう

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です