Changes

Jump to navigation Jump to search
591 bytes added ,  17:55, 8 July 2014
m
→‎Domain Authentication: More small edits
Line 822: Line 822:     
To facilitate this support for DomainKeys and DKIM signing needs to be enabled in SME's mail subsystem. These techniques require the adding of records in the DNS zone for the user's domain. The DKIM/DK/SPF/SenderID configuration has to be added to your your DNS server / registrar.
 
To facilitate this support for DomainKeys and DKIM signing needs to be enabled in SME's mail subsystem. These techniques require the adding of records in the DNS zone for the user's domain. The DKIM/DK/SPF/SenderID configuration has to be added to your your DNS server / registrar.
 +
 +
==DKIM Setup==
    
A plugin has been written and is available in SME
 
A plugin has been written and is available in SME
to activate it:
     −
create a folder
+
To activate it:-
 +
 
 +
Create a folder:
 
  mkdir /var/service/qpsmtpd/config/dkimkeys/
 
  mkdir /var/service/qpsmtpd/config/dkimkeys/
and then
+
Then:
 
  cd /var/service/qpsmtpd/config/dkimkeys/
 
  cd /var/service/qpsmtpd/config/dkimkeys/
 
  openssl genrsa -out dkim.private 1024
 
  openssl genrsa -out dkim.private 1024
Line 834: Line 837:  
  chown qpsmtpd:qpsmtpd -R /var/service/qpsmtpd/config/dkimkeys/
 
  chown qpsmtpd:qpsmtpd -R /var/service/qpsmtpd/config/dkimkeys/
 
  chmod 0700 dkim.private
 
  chmod 0700 dkim.private
and for each domain you want to sign  
+
For each domain you want to sign:
 
  cp -a dkim.private domainename.ext.private
 
  cp -a dkim.private domainename.ext.private
then create a fragment:
+
Then create a fragment:
 
  mkdir --parent /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
 
  mkdir --parent /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
 
  echo "dkim_sign keys dkim">/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign
 
  echo "dkim_sign keys dkim">/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign
Line 868: Line 871:     
{{Tip box|msg=You can verify that your settings are correct by sending an email to [mailto:check-auth@verifier.port25.com check-auth@verifier.port25.com], a free service the purpose of which is to verify if your domain does not contradict mail policies. Please check the answer carefully. See [[bugzilla:4558#c6]] }}
 
{{Tip box|msg=You can verify that your settings are correct by sending an email to [mailto:check-auth@verifier.port25.com check-auth@verifier.port25.com], a free service the purpose of which is to verify if your domain does not contradict mail policies. Please check the answer carefully. See [[bugzilla:4558#c6]] }}
 +
 +
See also : [[bugzilla:8251]] [[bugzilla:8252]]
 +
 +
==Domain Keys==
 +
 +
There is a plugin to check incoming mail has been signed
 +
 +
Please read here for more details : http://bugs.contribs.org/show_bug.cgi?id=4569
 +
 +
{{Warning box|msg=There is a plugin for signing with DomainKeys but it is not installed by default. It has not been tested on Koozali SME Server:
 +
 +
http://wiki.qpsmtpd.org/doku.php?id=plugins:spam:domainkeys_sign}}
 +
 +
==Other information==
 +
 +
DomainKeys seem to be deprecated in favour of DKIM.
 +
 +
The DomainKeys plugin only CHECKS incoming email. Spamassassin checks for DKIM.
    
===Temporary_error_on_maildir_delivery===
 
===Temporary_error_on_maildir_delivery===

Navigation menu