\u3061\u3087\u3063\u3068\u3053\u306e\u8fba\u306b\u3043\u3001DKIM\u8a2d\u5b9a\u3042\u308b\u3093\u3060\u3051\u3069\uff5e\u713c\u3044\u3066\u304b\u306a\u3044\uff5e\uff1f\u3068\u3044\u3046\u308f\u3051\u3067Postfix\u306bDKIM\u3092\u5c0e\u5165\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n\n\n\n\n\n\n\n
\u53c2\u8003\u306b\u3057\u305f\u30b5\u30a4\u30c8\u306f DKIM+SPF\u3067\u9001\u4fe1\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c\u3057\u3061\u3083\u304a\u3046\uff01 CentOS7+Postfix+OpenDKIM<\/a> yum \u3067\u884c\u304d\u307e\u3059\u3088\uff5e\u30a4\u30af\u30a4\u30af\uff01<\/p>\n\n\n \u9375\u3092\u4fdd\u5b58\u3059\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u65b0\u898f\u4f5c\u6210 \u30ef\u30a4\u30eb\u30c9\u30ab\u30fc\u30c9\u7528\u306b\u30b7\u30e7\u30fc\u30c8\u30c9\u30e1\u30a4\u30f3\u3092\u6307\u5b9a\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n \u9375\u751f\u6210\u306e\u969b\u306b\u3001DKIM\u30ec\u30b3\u30fc\u30c9\u306b\u5fc5\u8981\u306a\u30bb\u30ec\u30af\u30bf\u3092 -s \u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u6307\u5b9a\u3059\u308b\u306e\u3092\u5fd8\u308c\u305a\u3001\u30d3\u30c3\u30c8\u9577\u306fUDP\u306e\u30d1\u30b1\u30c3\u30c8\u30b5\u30a4\u30ba\u306e\u95a2\u4fc2\u3067 -b 1024\u306b\u3059\u308b\u3068\u3046\u307e\u304f\u884c\u304d\u307e\u3057\u305f\u3002<\/p>\n\n\n \u9375\u306e\u6240\u6709\u6a29\u3092\u5909\u66f4<\/p>\n\n\n \u9375\u306e\u5834\u6240\u3092KeyTable\u3067\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n \u7d9a\u3044\u3066SigningTable \u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u30db\u30b9\u30c8\u6307\u5b9a\u3067\u884c\u304d\u307e\u3057\u305f\u3002<\/p>\n\n\n opendkim.conf \u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3068\u7de8\u96c6<\/p>\n\n\n TrustedHosts\u30d5\u30a1\u30a4\u30eb\u3092\u65b0\u898f\u4f5c\u6210\u3057\u3066\u30ed\u30fc\u30ab\u30eb\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n\n\n opendkim\u518d\u8d77\u52d5\u3001\u81ea\u52d5\u8d77\u52d5\u8a2d\u5b9a\u3001\u6b63\u5e38\u8d77\u52d5\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n Postfix\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb \/etc\/postfix\/mai.cf \u306e\u6700\u4e0b\u884c\u306bDKIM\u8a2d\u5b9a\u3092\u5165\u308c\u3066 postfix \u518d\u8d77\u52d5\u3002<\/p>\n\n\n \u5148\u307b\u3069\u4f5c\u6210\u3057\u305fDKIM\u306e\u516c\u958b\u9375\u3092\u78ba\u8a8d\u3057\u3066\u3001\u3069\u3046\u305e\u3002<\/p>\n\n\n BIND\u306b\u516c\u958b\u9375\u3092DKIM\u30ec\u30b3\u30fc\u30c9\u3068\u3057\u3066\u30b3\u30d4\u30da\u3057\u3066DNS\u66f4\u65b0\u3059\u308c\u3070DKIM\u5c0e\u5165\u30fb\u30fb\u30fb\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n\n\n SPF\/DKIM\/DMARC \u306a\u3069\u306e\u30c1\u30a7\u30c3\u30af\u3092\u3059\u308b\u30b5\u30a4\u30c8<\/a> \u3067\u81ea\u5206\u306eDKIM\u30ec\u30b3\u30fc\u30c9\u304c\u30c1\u30a7\u30c3\u30af\u3067\u304d\u3066\u3001\u3044\u3044\u30be\uff5e\u3053\u308c\uff01<\/p>\n\n\n\n \u6700\u5f8c\u306b\u3001\u30e1\u30fc\u30eb\u30d8\u30c3\u30c0\u30fc\u3092\u30d1\u30d1\u30d1\u30c3\u3068\u78ba\u8a8d\u3057\u3066\u7d42\u308f\u308a\uff01<\/p>\n\n\n \u30b3\u30d4\u30da\u3067\u30b9\u30df\u30de\u30bb\u30f3\u3002\u30bb\u30f3\u30bb\u30f3\u30b7\u30e3\u30eb<\/p>\n\n\n\n \u53c2\u8003URL: Postfix\u306bDKIM\u8a2d\u5b9a\u3092\u884c\u3063\u305f\u6642\u3001\u30cf\u30de\u3063\u305f\u52d5\u4f5c\u30c6\u30b9\u30c8<\/a><\/p>\n\n\n\n
\u30a2\u30ea\u30b7\u30e3\u30b9\uff01<\/p>\n\n\n\n# yum install epel-release\n# yum install opendkim
# yum install opendkim-tools
<\/span><\/pre>\n\n\n# mkdir -p \/etc\/opendkim\/keys\/mail.stuffy.site<\/span><\/pre>\n\n\n# opendkim-genkey -D \/etc\/opendkim\/keys\/mail.stuffy.site\/ -b 1024 -d stuffy.site -s 20220719<\/span><\/span><\/pre>\n\n\n# chown opendkim:opendkim -R \/etc\/opendkim\/keys\/mail.stuffy.site\/<\/span><\/pre>\n\n\n# vi \/etc\/opendkim\/KeyTable
<\/span>\n# OPENDKIM KEY TABLE\n# To use this file, uncomment the #KeyTable option in \/etc\/opendkim.conf,\n# then uncomment the following line and replace mail.stuffy.site with your domain\n# name, then restart OpenDKIM. Additional keys may be added on separate lines.\n\n#\u30b3\u2191\u30b3\u2193\n20220719._domainkey.mail.stuffy.site mail.stuffy.site:20220719:\/etc\/opendkim\/keys\/mail.stuffy.site\/20220719.private<\/span><\/pre>\n\n\n# vi \/etc\/opendkim\/SigningTable<\/span>\n
\n# NON-WILDCARD EXAMPLE
# If \"file:\" (instead of \"refile:\") is specified in \/etc\/opendkim.conf, then
# wildcards will not work. Instead, full user@host is checked first, then simply host,
# then user@.domain (with all superdomains checked in sequence, so \"foo.example.com\"
# would first check \"user@foo.example.com\", then \"user@.example.com\", then \"user@.com\"),
# then .domain, then user@*, and finally *. See the opendkim.conf(5) man page under
# \"SigningTable\" for more details.
\n#\u30b3\u2191\u30b3\u2193\n*@mail.stuffy.site 20220719._domainkey.mail.stuffy.site<\/span><\/pre>\n\n\n# cp \/etc\/opendkim.conf \/etc\/opendkim.conf.org\n# vi \/etc\/opendkim.conf<\/span>\n\n#Mode v # \u2190 \u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8
\n\u2193 \u5909\u66f4
\nMode sv\n \n#KeyFile \/etc\/opendkim\/keys\/default.private # \u2190 \u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\n \n KeyTable \/etc\/opendkim\/KeyTable # \u2190\u30c1\u30a7\u30c3\u30af\u5916\u3059\n \n SigningTable refile:\/etc\/opendkim\/SigningTable # \u2190\u30c1\u30a7\u30c3\u30af\u5916\u3059 \n \n ExternalIgnoreList refile:\/etc\/opendkim\/TrustedHosts # \u2190\u30c1\u30a7\u30c3\u30af\u5916\u3059 \n \n InternalHosts refile:\/etc\/opendkim\/TrustedHosts # \u2190\u30c1\u30a7\u30c3\u30af\u5916\u3059 <\/pre>\n\n\n# vi \/etc\/opendkim\/TrustedHosts<\/span>\n\n# OPENDKIM TRUSTED HOSTS\n# To use this file, uncomment the #ExternalIgnoreList and\/or the #InternalHosts\n# option in \/etc\/opendkim.conf then restart OpenDKIM. Additional hosts\n# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).\n# The localhost IP (127.0.0.1) should always be the first entry in this file.\n127.0.0.1\n::1\n#host.example.com\n192.168.1.0\/24<\/pre>\n\n\n# systemctl restart opendkim\n# systemctl enable opendkim
# systemctl status opendkim
<\/span><\/pre>\n\n\n# vi \/etc\/postfix\/main.cf
<\/span># \u6700\u4e0b\u884c\u306b\u8ffd\u52a0
#\u30b3\u2191\u30b3\u2193<\/span>
## DKIM\nsmtpd_milters = inet:127.0.0.1:8891\nnon_smtpd_milters = $smtpd_milters\nmilter_default_action = accept<\/pre>\n# systemctl restart postfix<\/span><\/pre>\n\n\n# cat \/etc\/opendkim\/keys\/mail.stuffy.site\/20220719.txt
\uff08\u6ce8\uff1a\u30b5\u30f3\u30d7\u30eb<\/span>\n20220719._domainkey IN TXT ( \"v=DKIM1; k=rsa; \"\n \"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAreddirepood+4Z6j10dJGLLVb+I+pjX7W+vxpJzWo2KAi\/\/cHs87aM0CRdv53vJdk5pTKC9hcP4L+QHAPe3o6lr15zlQ4KYfc4jIF5cgeIzGXmCsLYwC+8T3uD4PvNBcV\" ) ; ----- DKIM key 20220719 for stuffy.site\n<\/pre>\n\n\n[root@ns1~]# cd \/var\/named
[root@ns1 named]# vi stuffy.site
<\/span>\n IN MX 10 mail.stuffy.site.
mail IN A 116.58.163.6
\n#\u30b3\u2191\u30b3\u2193 \uff08\u6ce8\uff1a\u30b5\u30f3\u30d7\u30eb<\/span>\n20220719._domainkey IN TXT ( \"v=DKIM1; k=rsa; \" \"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAreddirepood+4Z6j10dJGLLVb+I+pjX7W+vxpJzWo2KAi\/\/cHs87aM0CRdv53vJdk5pTKC9hcP4L+QHAPe3o6lr15zlQ4KYfc4jIF5cgeIzGXmCsLYwC+8T3uD4PvNBcV\" ) ;<\/pre>\n\n\nFrom - Thu Jul 21 16:51:32 2022\nX-Account-Key: account3\nX-UIDL: 0000004b61dfc432\nX-Mozilla-Status: 0001\nX-Mozilla-Status2: 00000000\nX-Mozilla-Keys: \nReturn-Path: <gusachan3@gmail.com>\nX-Original-To: gusachan3@mail.stuffy.site\nDelivered-To: gusachan3@mail.stuffy.site\nReceived-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.210.177; helo=mail-pf1-f177.google.com; envelope-from=gusachan3@gmail.com; receiver=gusachan3@mail.stuffy.site \nDMARC-Filter: OpenDMARC Filter v1.4.1 mail.stuffy.site 5AE77400E4CE\nAuthentication-Results: mail.stuffy.site; dmarc=pass (p=none dis=none) header.from=gmail.com\nAuthentication-Results: mail.stuffy.site; spf=pass smtp.mailfrom=gmail.com\nDKIM-Filter: OpenDKIM Filter v2.11.0 mail.stuffy.site 5AE77400E4CE\nAuthentication-Results: mail.stuffy.site;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=\"QqMbKW8x\"<\/gusachan3@gmail.com>\nReceived: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177])\n\tby mail.stuffy.site (Postfix) with ESMTPS id 5AE77400E4CE\n\tfor <gusachan3@mail.stuffy.site>; Thu, 21 Jul 2022 16:51:32 +0900 (JST)\nReceived: by mail-pf1-f177.google.com with SMTP id 17so1092855pfy.0\n for <gusachan3@mail.stuffy.site>; Thu, 21 Jul 2022 00:51:31 -0700 (PDT)\nDKIM-Signature: v=1; a=rsa-sha256; c=relaxed\/relaxed;\n d=gmail.com; s=20210112;<\/gusachan3@mail.stuffy.site><\/gusachan3@mail.stuffy.site><\/pre>\n
Delivered-To: gusachan3@gmail.com\nReceived: by 2002:a92:c909:0:0:0:0:0 with SMTP id t9csp2024360ilp;\n Thu, 21 Jul 2022 10:47:06 -0700 (PDT)\nX-Google-Smtp-Source: AGRyM1vPLejqsADKyn9A6aGgOe+7XI4rJr80xjZWYPPq4bPNe3+HuR+OyaP\/5rlSLYdIhp5NmF23\nX-Received: by 2002:a65:590d:0:b0:41a:2b17:b6f8 with SMTP id f13-20020a65590d000000b0041a2b17b6f8mr18863016pgu.143.1658425626623;\n Thu, 21 Jul 2022 10:47:06 -0700 (PDT)\nARC-Seal:\nARC-Message-Signature:\nARC-Authentication-Results: i=1; mx.google.com;\n spf=pass (google.com: domain of gusachan3@mail.stuffy.site designates 116.58.163.6 as permitted sender) smtp.mailfrom=gusachan3@mail.stuffy.site;\n dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.stuffy.site\nReturn-Path: <gusachan3@mail.stuffy.site>\nReceived: from mail.stuffy.site (mail.stuffy.site. [116.58.163.6])\n by mx.google.com with ESMTPS id r34-20020a635162000000b003fc3e715428si2855874pgl.342.2022.07.21.10.47.06\n for <gusachan3@gmail.com>\n (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128\/128);\n Thu, 21 Jul 2022 10:47:06 -0700 (PDT)\nReceived-SPF: pass (google.com: domain of gusachan3@mail.stuffy.site designates 116.58.163.6 as permitted sender) client-ip=116.58.163.6;\nAuthentication-Results: mx.google.com;\n spf=pass (google.com: domain of gusachan3@mail.stuffy.site designates 116.58.163.6 as permitted sender) smtp.mailfrom=gusachan3@mail.stuffy.site;\n dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.stuffy.site<\/gusachan3@gmail.com><\/gusachan3@mail.stuffy.site><\/pre>\n\n\n