Line 822: |
Line 822: |
| | | |
| To facilitate this support for DomainKeys and DKIM signing needs to be enabled in SME's mail subsystem. These techniques require the adding of records in the DNS zone for the user's domain. The DKIM/DK/SPF/SenderID configuration has to be added to your your DNS server / registrar. | | To facilitate this support for DomainKeys and DKIM signing needs to be enabled in SME's mail subsystem. These techniques require the adding of records in the DNS zone for the user's domain. The DKIM/DK/SPF/SenderID configuration has to be added to your your DNS server / registrar. |
| + | |
| + | ==DKIM Setup== |
| | | |
| A plugin has been written and is available in SME | | A plugin has been written and is available in SME |
− | to activate it:
| |
| | | |
− | create a folder
| + | To activate it:- |
| + | |
| + | Create a folder: |
| mkdir /var/service/qpsmtpd/config/dkimkeys/ | | mkdir /var/service/qpsmtpd/config/dkimkeys/ |
− | and then
| + | Then: |
| cd /var/service/qpsmtpd/config/dkimkeys/ | | cd /var/service/qpsmtpd/config/dkimkeys/ |
| openssl genrsa -out dkim.private 1024 | | openssl genrsa -out dkim.private 1024 |
Line 834: |
Line 837: |
| chown qpsmtpd:qpsmtpd -R /var/service/qpsmtpd/config/dkimkeys/ | | chown qpsmtpd:qpsmtpd -R /var/service/qpsmtpd/config/dkimkeys/ |
| chmod 0700 dkim.private | | chmod 0700 dkim.private |
− | and for each domain you want to sign
| + | For each domain you want to sign: |
| cp -a dkim.private domainename.ext.private | | cp -a dkim.private domainename.ext.private |
− | then create a fragment:
| + | Then create a fragment: |
| mkdir --parent /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local | | mkdir --parent /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local |
| echo "dkim_sign keys dkim">/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign | | echo "dkim_sign keys dkim">/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign |
Line 868: |
Line 871: |
| | | |
| {{Tip box|msg=You can verify that your settings are correct by sending an email to [mailto:check-auth@verifier.port25.com check-auth@verifier.port25.com], a free service the purpose of which is to verify if your domain does not contradict mail policies. Please check the answer carefully. See [[bugzilla:4558#c6]] }} | | {{Tip box|msg=You can verify that your settings are correct by sending an email to [mailto:check-auth@verifier.port25.com check-auth@verifier.port25.com], a free service the purpose of which is to verify if your domain does not contradict mail policies. Please check the answer carefully. See [[bugzilla:4558#c6]] }} |
| + | |
| + | See also : [[bugzilla:8251]] [[bugzilla:8252]] |
| + | |
| + | ==Domain Keys== |
| + | |
| + | There is a plugin to check incoming mail has been signed |
| + | |
| + | Please read here for more details : http://bugs.contribs.org/show_bug.cgi?id=4569 |
| + | |
| + | {{Warning box|msg=There is a plugin for signing with DomainKeys but it is not installed by default. It has not been tested on Koozali SME Server: |
| + | |
| + | http://wiki.qpsmtpd.org/doku.php?id=plugins:spam:domainkeys_sign}} |
| + | |
| + | ==Other information== |
| + | |
| + | DomainKeys seem to be deprecated in favour of DKIM. |
| + | |
| + | The DomainKeys plugin only CHECKS incoming email. Spamassassin checks for DKIM. |
| | | |
| ===Temporary_error_on_maildir_delivery=== | | ===Temporary_error_on_maildir_delivery=== |