DKIM導入

1.環境

CentOS 6.7 x86_64

2.OpenDkim設定

epelリポジトリ追加

# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6

opendkimインストール

# yum install opendkim

公開鍵、秘密鍵作成

# opendkim-genkey -D /etc/opendkim/keys -d mylines.org -s 20151108-key

/etc/opendkim/keys/20151108-key.private //秘密鍵
/etc/opendkim/keys/20151108-key.txt //公開鍵

# chown opendkim. /etc/opendkim/keys/20151108-key.* //所有者変更

ゾーンファイルに公開鍵レコードとADSPレコードを追加

# vi /var/named/chroot/var/named/mylines.org.zone

20151108-key._domainkey.mylines.org. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUbKMp1yzlRGwygs/D5nb5L2Mkui2mvWqiVoETbzttz5XW5+yqwGAigqM9D+PUR7h0vRWrMEMhlOH8FuQJEo9WiDcq6UiZAlbQ4IVaCKiVZi43MfJNNbXFVLAw4mv3A1y0Xvn46QY0FrIvjbOU4JJ2F7FiBzIMY7ER3xFsM35QlwIDAQAB"
_adsp._domainkey.mylines.org. IN TXT "dkim=unknown"

レコード確認

# service named restart
# dig 20151108-key._domainkey.mylines.org txt

;; ANSWER SECTION:
20151108-key._domainkey.mylines.org. 3600 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUbKMp1yzlRGwygs/D5nb5L2Mkui2mvWqiVoETbzttz5XW5+yqwGAigqM9D+PUR7h0vRWrMEMhlOH8FuQJEo9WiDcq6UiZAlbQ4IVaCKiVZi43MfJNNbXFVLAw4mv3A1y0Xvn46QY0FrIvjbOU4JJ2F7FiBzIMY7ER3xFsM35QlwIDAQAB"

# dig _adsp._domainkey.mylines.org txt

;; ANSWER SECTION:
_adsp._domainkey.mylines.org. 3600 IN   TXT "dkim=unknown"

OpenDkimのconfファイル変更

# vi /etc/opendkim.conf

Mode    v
　↓
Mode    sv

KeyFile /etc/opendkim/keys/default.private
　↓
#KeyFile /etc/opendkim/keys/default.private

#KeyTable /etc/opendkim/KeyTable
　↓
KeyTable refile:/etc/opendkim/KeyTable

#SigningTable refile:/etc/opendkim/SigningTable
　↓
SigningTable refile:/etc/opendkim/SigningTable

#ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
　↓
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts

#InternalHosts refile:/etc/opendkim/TrustedHosts
　↓
InternalHosts refile:/etc/opendkim/TrustedHosts

# vi /etc/opendkim/KeyTable

#default._domainkey.example.com example.com:default:/etc/opendkim/keys/default.private
20151108-key._domainkey.mylines.org     mylines.org:20151108-key:/etc/opendkim/keys/20151108-key.private

# vi /etc/opendkim/SigningTable

#example.com default._domainkey.example.com
*@mylines.org   20151108-key._domainkey.mylines.org

# vi /etc/opendkim/TrustedHosts

127.0.0.1

OpenDkim スタート&登録

# service opendkim start
# chkconfig opendkim on

3.Postfix設定

# vi /etc/postfix/main.cf //最終行に追加

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

# service postfix restart //postfix再起動

4.動作確認

1. Mail@mylines.orgからtest@gmail.com宛にテストメールを送る
   メールヘッダ確認

Dkim-Signature：v=1; a=rsa-sha256; c=relaxed/relaxed; d=mylines.org; s=20151108-key; t=1446967794; bh=dYCBGdXYXm7VH/8DhOb6ToDJxu+DlZMIOV3QrmUEzYQ=; h=From:Subject:Date:To:From; b=TdXmM13P/agkXgI+Ne2dHBSxAG1xu7e4dL/5UZl56BiWYA7+eGwF09YlFZCVr5fcN WEAgZIqBIOeu6GpTZTgVkLs0/hpiqVS+ElsRzuUd3g6HJKDYwSQNVHwIXZqddtzc9i IDXa8pK68XOx9pdhg6Sc2mUgYqGjNPjjSkCCT/7s=
Received-Spf：pass (google.com: domain of Mail@mylines.org designates 49.212.197.167 as permitted sender) client-ip=49.212.197.167;
Dkim-Filter：OpenDKIM Filter v2.10.3 mail.mylines.org CE4053E0191
Authentication-Results：mx.google.com; spf=pass (google.com: domain of Mail@mylines.org designates 49.212.197.167 as permitted sender) smtp.mailfrom=Mail@mylines.org; dkim=pass header.i=@mylines.org

1. test@gmail.comからMail@mylines.org宛にテストメールを送る
   # less /var/log/maillog

Nov  8 16:42:34 sakura opendkim[7592]: 9D6733E0191: DKIM verification successful

参考

http://salt.iajapan.org/wpmu/anti_spam/admin/tech/explanation/dkim/
https://blog.apar.jp/linux/856/