为了减少 LUG 发出的邮件被误判为垃圾邮件,参考 How To Install and Configure DKIM with Postfix on Debian Wheezy,使用 OpenDKIM 为 {blog,freeshell,lug}.ustc.edu.cn 外发的邮件添加了 DKIM 验证。
DKIM 的原理是在每封外发的邮件上附加签名,而这个签名所使用的公钥可以通过查询 mail._domainkey.{blog,freeshell,lug}.ustc.edu.cn 域名的 TXT 记录得到。只要 DNS 系统没有问题,经过了签名的邮件就能确保是该域名的所有者发出的。
感谢 常震 的建议。
Tip: 如何测试你的邮件服务器正确配置了 DKIM?可以用邮件服务器向 [email protected] 发送邮件来检测,你会收到一封测试结果的邮件。看 DKIM check 部分就行。如下是 lug.ustc.edu.cn 的测试结果(DomainKeys 是平行于 DKIM 的另一套签名机制,暂不准备添加)。
========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: neutral DKIM check: pass Sender-ID check: pass SpamAssassin check: ham ========================================================== Details: ========================================================== HELO hostname: blog.ustc.edu.cn Source IP: 128.199.232.134 mail-from: [email protected] ---------------------------------------------------------- SPF check details: ---------------------------------------------------------- Result: pass ID(s) verified: [email protected] DNS record(s): lug.ustc.edu.cn. SPF (no records) lug.ustc.edu.cn. 600 IN TXT "v=spf1 mx a a:ip-list.vpn.ustclug.org ~all" lug.ustc.edu.cn. 600 IN MX 5 blog.ustc.edu.cn. blog.ustc.edu.cn. 600 IN A 202.141.176.99 lug.ustc.edu.cn. 600 IN A 202.141.162.123 ip-list.vpn.ustclug.org. 28 IN A 128.199.232.134 ip-list.vpn.ustclug.org. 28 IN A 202.38.93.95 ip-list.vpn.ustclug.org. 28 IN A 128.199.170.5 ip-list.vpn.ustclug.org. 28 IN A 128.199.211.154 ip-list.vpn.ustclug.org. 28 IN A 202.141.176.99 ip-list.vpn.ustclug.org. 28 IN A 202.141.160.99 ip-list.vpn.ustclug.org. 28 IN A 128.199.161.228 ---------------------------------------------------------- DomainKeys check details: ---------------------------------------------------------- Result: neutral (message not signed) ID(s) verified: [email protected] DNS record(s): ---------------------------------------------------------- DKIM check details: ---------------------------------------------------------- Result: pass (matches From: [email protected]) ID(s) verified: header.d=lug.ustc.edu.cn Canonicalized Headers: date:Mon,'20'8'20'Dec'20'2014'20'00:17:17'20'+0800'20'(CST)'0D''0A' from:[email protected]'20'(Bojie'20'Li)'0D''0A' dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=lug.ustc.edu.cn;'20's=mail;'20't=1417969044;'20'bh=z6TUz85EdYrACGMHYgZhJGvVy5oQI0dooVMKa2ZT7c4=;'20'h=Date:From;'20'b= Canonicalized Body: Hello'20'world!'0D''0A' DNS record(s): mail._domainkey.lug.ustc.edu.cn. 600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8MTDW2coES4+fAOLSTBP+0hevVGZwp9ecZnQMpBSBWAcAZ1KiMGmJoM0yDx1Gst4UGz3IXc8uqstSki5mdgpUWONt0zz2Kxr/6zzMu+C8ySiBWPoMdBbXHnfQQ1GisweivhChgxx0MuyL9CylQGcthF9Hu2kMy/4cV3REtg+H3QIDAQAB" Public key used for verification: mail._domainkey.lug.ustc.edu.cn (1024 bits) NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM. ---------------------------------------------------------- Sender-ID check details: ---------------------------------------------------------- Result: pass ID(s) verified: [email protected] DNS record(s): lug.ustc.edu.cn. SPF (no records) lug.ustc.edu.cn. 600 IN TXT "v=spf1 mx a a:ip-list.vpn.ustclug.org ~all" lug.ustc.edu.cn. 600 IN MX 5 blog.ustc.edu.cn. blog.ustc.edu.cn. 600 IN A 202.141.176.99 lug.ustc.edu.cn. 600 IN A 202.141.162.123 ip-list.vpn.ustclug.org. 28 IN A 128.199.232.134 ip-list.vpn.ustclug.org. 28 IN A 202.38.93.95 ip-list.vpn.ustclug.org. 28 IN A 128.199.170.5 ip-list.vpn.ustclug.org. 28 IN A 128.199.211.154 ip-list.vpn.ustclug.org. 28 IN A 202.141.176.99 ip-list.vpn.ustclug.org. 28 IN A 202.141.160.99 ip-list.vpn.ustclug.org. 28 IN A 128.199.161.228