LUG 邮件服务器添加 DKIM 验证
•
为了减少 LUG 发出的邮件被误判为垃圾邮件,参考 How To Install and Configure DKIM with Postfix on Debian Wheezy,使用 OpenDKIM 为 {blog,freeshell,lug}.ustc.edu.cn 外发的邮件添加了 DKIM 验证。
DKIM 的原理是在每封外发的邮件上附加签名,而这个签名所使用的公钥可以通过查询 mail._domainkey.{blog,freeshell,lug}.ustc.edu.cn 域名的 TXT 记录得到。只要 DNS 系统没有问题,经过了签名的邮件就能确保是该域名的所有者发出的。
感谢 常震 的建议。
Tip: 如何测试你的邮件服务器正确配置了 DKIM?可以用邮件服务器向 [email protected] 发送邮件来检测,你会收到一封测试结果的邮件。看 DKIM check 部分就行。如下是 lug.ustc.edu.cn 的测试结果(DomainKeys 是平行于 DKIM 的另一套签名机制,暂不准备添加)。
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: blog.ustc.edu.cn
Source IP: 128.199.232.134
mail-from: [email protected]
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: [email protected]
DNS record(s):
lug.ustc.edu.cn. SPF (no records)
lug.ustc.edu.cn. 600 IN TXT "v=spf1 mx a a:ip-list.vpn.ustclug.org ~all"
lug.ustc.edu.cn. 600 IN MX 5 blog.ustc.edu.cn.
blog.ustc.edu.cn. 600 IN A 202.141.176.99
lug.ustc.edu.cn. 600 IN A 202.141.162.123
ip-list.vpn.ustclug.org. 28 IN A 128.199.232.134
ip-list.vpn.ustclug.org. 28 IN A 202.38.93.95
ip-list.vpn.ustclug.org. 28 IN A 128.199.170.5
ip-list.vpn.ustclug.org. 28 IN A 128.199.211.154
ip-list.vpn.ustclug.org. 28 IN A 202.141.176.99
ip-list.vpn.ustclug.org. 28 IN A 202.141.160.99
ip-list.vpn.ustclug.org. 28 IN A 128.199.161.228
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: [email protected])
ID(s) verified: header.d=lug.ustc.edu.cn
Canonicalized Headers:
date:Mon,'20'8'20'Dec'20'2014'20'00:17:17'20'+0800'20'(CST)'0D''0A'
from:[email protected]'20'(Bojie'20'Li)'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=lug.ustc.edu.cn;'20's=mail;'20't=1417969044;'20'bh=z6TUz85EdYrACGMHYgZhJGvVy5oQI0dooVMKa2ZT7c4=;'20'h=Date:From;'20'b=
Canonicalized Body:
Hello'20'world!'0D''0A'
DNS record(s):
mail._domainkey.lug.ustc.edu.cn. 600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8MTDW2coES4+fAOLSTBP+0hevVGZwp9ecZnQMpBSBWAcAZ1KiMGmJoM0yDx1Gst4UGz3IXc8uqstSki5mdgpUWONt0zz2Kxr/6zzMu+C8ySiBWPoMdBbXHnfQQ1GisweivhChgxx0MuyL9CylQGcthF9Hu2kMy/4cV3REtg+H3QIDAQAB"
Public key used for verification: mail._domainkey.lug.ustc.edu.cn (1024 bits)
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: [email protected]
DNS record(s):
lug.ustc.edu.cn. SPF (no records)
lug.ustc.edu.cn. 600 IN TXT "v=spf1 mx a a:ip-list.vpn.ustclug.org ~all"
lug.ustc.edu.cn. 600 IN MX 5 blog.ustc.edu.cn.
blog.ustc.edu.cn. 600 IN A 202.141.176.99
lug.ustc.edu.cn. 600 IN A 202.141.162.123
ip-list.vpn.ustclug.org. 28 IN A 128.199.232.134
ip-list.vpn.ustclug.org. 28 IN A 202.38.93.95
ip-list.vpn.ustclug.org. 28 IN A 128.199.170.5
ip-list.vpn.ustclug.org. 28 IN A 128.199.211.154
ip-list.vpn.ustclug.org. 28 IN A 202.141.176.99
ip-list.vpn.ustclug.org. 28 IN A 202.141.160.99
ip-list.vpn.ustclug.org. 28 IN A 128.199.161.228