859
edits
Changes
Jump to navigation
Jump to search
mLine 822:
Line 822: + + − to activate it: − create a folder+ + + − and then+ Line 834:
Line 837: − and for each domain you want to sign + − then create a fragment:+ Line 868:
Line 871: + + + + + + + + + + + + + + + + + +
→Domain Authentication: More small edits
To facilitate this support for DomainKeys and DKIM signing needs to be enabled in SME's mail subsystem. These techniques require the adding of records in the DNS zone for the user's domain. The DKIM/DK/SPF/SenderID configuration has to be added to your your DNS server / registrar.
To facilitate this support for DomainKeys and DKIM signing needs to be enabled in SME's mail subsystem. These techniques require the adding of records in the DNS zone for the user's domain. The DKIM/DK/SPF/SenderID configuration has to be added to your your DNS server / registrar.
==DKIM Setup==
A plugin has been written and is available in SME
A plugin has been written and is available in SME
To activate it:-
Create a folder:
mkdir /var/service/qpsmtpd/config/dkimkeys/
mkdir /var/service/qpsmtpd/config/dkimkeys/
Then:
cd /var/service/qpsmtpd/config/dkimkeys/
cd /var/service/qpsmtpd/config/dkimkeys/
openssl genrsa -out dkim.private 1024
openssl genrsa -out dkim.private 1024
chown qpsmtpd:qpsmtpd -R /var/service/qpsmtpd/config/dkimkeys/
chown qpsmtpd:qpsmtpd -R /var/service/qpsmtpd/config/dkimkeys/
chmod 0700 dkim.private
chmod 0700 dkim.private
For each domain you want to sign:
cp -a dkim.private domainename.ext.private
cp -a dkim.private domainename.ext.private
Then create a fragment:
mkdir --parent /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
mkdir --parent /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
echo "dkim_sign keys dkim">/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign
echo "dkim_sign keys dkim">/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign
{{Tip box|msg=You can verify that your settings are correct by sending an email to [mailto:check-auth@verifier.port25.com check-auth@verifier.port25.com], a free service the purpose of which is to verify if your domain does not contradict mail policies. Please check the answer carefully. See [[bugzilla:4558#c6]] }}
{{Tip box|msg=You can verify that your settings are correct by sending an email to [mailto:check-auth@verifier.port25.com check-auth@verifier.port25.com], a free service the purpose of which is to verify if your domain does not contradict mail policies. Please check the answer carefully. See [[bugzilla:4558#c6]] }}
See also : [[bugzilla:8251]] [[bugzilla:8252]]
==Domain Keys==
There is a plugin to check incoming mail has been signed
Please read here for more details : http://bugs.contribs.org/show_bug.cgi?id=4569
{{Warning box|msg=There is a plugin for signing with DomainKeys but it is not installed by default. It has not been tested on Koozali SME Server:
http://wiki.qpsmtpd.org/doku.php?id=plugins:spam:domainkeys_sign}}
==Other information==
DomainKeys seem to be deprecated in favour of DKIM.
The DomainKeys plugin only CHECKS incoming email. Spamassassin checks for DKIM.
===Temporary_error_on_maildir_delivery===
===Temporary_error_on_maildir_delivery===