Adding DKIM Verification to the LUG Mail Server

To reduce the chance of mail sent by LUG being misclassified as spam, we followed "How To Install and Configure DKIM with Postfix on Debian Wheezy" and used OpenDKIM to add DKIM verification to outgoing mail from {blog,freeshell,lug}.ustc.edu.cn.

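DKIM works by attaching a signature to every outgoing message. The public key for that signature can be obtained by querying the TXT record of the mail._domainkey.{blog,freeshell,lug}.ustc.edu.cn domain name. As long as nothing is wrong with the DNS system, a signed message is guaranteed to have been sent by the owner of that domain.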

Thanks to 常震 for the suggestion.

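Tip: How do you test whether your mail server has DKIM configured correctly? Send a message from the mail server to check-auth@verifier.port25.com, and you will receive an email with the test results. Just look at the DKIM check section. Below is the test result for lug.ustc.edu.cn (DomainKeys is another signing mechanism parallel to DKIM; there are no plans to add it for now).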

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  blog.ustc.edu.cn
Source IP:      128.199.232.134
mail-from:      boj@lug.ustc.edu.cn

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: smtp.mailfrom=boj@lug.ustc.edu.cn
DNS record(s):
    lug.ustc.edu.cn. SPF (no records)
    lug.ustc.edu.cn. 600 IN TXT "v=spf1 mx a a:ip-list.vpn.ustclug.org ~all"
    lug.ustc.edu.cn. 600 IN MX 5 blog.ustc.edu.cn.
    blog.ustc.edu.cn. 600 IN A 202.141.176.99
    lug.ustc.edu.cn. 600 IN A 202.141.162.123
    ip-list.vpn.ustclug.org. 28 IN A 128.199.232.134
    ip-list.vpn.ustclug.org. 28 IN A 202.38.93.95
    ip-list.vpn.ustclug.org. 28 IN A 128.199.170.5
    ip-list.vpn.ustclug.org. 28 IN A 128.199.211.154
    ip-list.vpn.ustclug.org. 28 IN A 202.141.176.99
    ip-list.vpn.ustclug.org. 28 IN A 202.141.160.99
    ip-list.vpn.ustclug.org. 28 IN A 128.199.161.228

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=boj@lug.ustc.edu.cn
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: boj@lug.ustc.edu.cn)
ID(s) verified: header.d=lug.ustc.edu.cn
Canonicalized Headers:
    date:Mon,'20'8'20'Dec'20'2014'20'00:17:17'20'+0800'20'(CST)'0D''0A'
    from:boj@lug.ustc.edu.cn'20'(Bojie'20'Li)'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=lug.ustc.edu.cn;'20's=mail;'20't=1417969044;'20'bh=z6TUz85EdYrACGMHYgZhJGvVy5oQI0dooVMKa2ZT7c4=;'20'h=Date:From;'20'b=

Canonicalized Body:
    Hello'20'world!'0D''0A'


DNS record(s):
    mail._domainkey.lug.ustc.edu.cn. 600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8MTDW2coES4+fAOLSTBP+0hevVGZwp9ecZnQMpBSBWAcAZ1KiMGmJoM0yDx1Gst4UGz3IXc8uqstSki5mdgpUWONt0zz2Kxr/6zzMu+C8ySiBWPoMdBbXHnfQQ1GisweivhChgxx0MuyL9CylQGcthF9Hu2kMy/4cV3REtg+H3QIDAQAB"

Public key used for verification: mail._domainkey.lug.ustc.edu.cn (1024 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: header.From=boj@lug.ustc.edu.cn
DNS record(s):
    lug.ustc.edu.cn. SPF (no records)
    lug.ustc.edu.cn. 600 IN TXT "v=spf1 mx a a:ip-list.vpn.ustclug.org ~all"
    lug.ustc.edu.cn. 600 IN MX 5 blog.ustc.edu.cn.
    blog.ustc.edu.cn. 600 IN A 202.141.176.99
    lug.ustc.edu.cn. 600 IN A 202.141.162.123
    ip-list.vpn.ustclug.org. 28 IN A 128.199.232.134
    ip-list.vpn.ustclug.org. 28 IN A 202.38.93.95
    ip-list.vpn.ustclug.org. 28 IN A 128.199.170.5
    ip-list.vpn.ustclug.org. 28 IN A 128.199.211.154
    ip-list.vpn.ustclug.org. 28 IN A 202.141.176.99
    ip-list.vpn.ustclug.org. 28 IN A 202.141.160.99
    ip-list.vpn.ustclug.org. 28 IN A 128.199.161.228
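
The report states that the key published at mail._domainkey.lug.ustc.edu.cn is 1024 bits. As an added example (not part of the original post and not OpenDKIM code), the Python below parses that TXT record, walks the DER structure in the p= value to read the RSA modulus size, and grades it against the RFC 8301 guidance (1024 bits is the minimum a verifier accepts, 2048 bits is recommended for signers). The function names and the grading labels are assumptions made for this example.

```python
import base64

# TXT record copied from the DKIM section of the report above.
LUG_RECORD = (
    "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8"
    "MTDW2coES4+fAOLSTBP+0hevVGZwp9ecZnQMpBSBWAcAZ1KiMGmJoM0yDx1Gst4UGz3IXc8uqstSki5m"
    "dgpUWONt0zz2Kxr/6zzMu+C8ySiBWPoMdBbXHnfQQ1GisweivhChgxx0MuyL9CylQGcthF9Hu2kMy/4c"
    "V3REtg+H3QIDAQAB"
)

def parse_tags(txt):
    """Split a DKIM key record into its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _der(buf, pos, tag):
    """Check the DER tag at pos and return (content_start, content_end)."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_key_bits(txt):
    """Return the RSA modulus size in bits of the key in a DKIM TXT record."""
    tags = parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA DKIM key record")
    if not tags.get("p"):
        raise ValueError("empty p= tag: the key has been revoked")
    der = base64.b64decode(tags["p"], validate=True)
    spki, _ = _der(der, 0, 0x30)           # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _der(der, spki, 0x30)     # AlgorithmIdentifier, skipped
    bitstr, _ = _der(der, alg_end, 0x03)   # BIT STRING wrapping RSAPublicKey
    rsa, _ = _der(der, bitstr + 1, 0x30)   # +1 skips the unused-bits octet
    n_start, n_end = _der(der, rsa, 0x02)  # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def grade(txt):
    """Grade the key size: below 1024 rejected, below 2048 weak, else ok."""
    bits = rsa_key_bits(txt)
    return bits, ("rejected" if bits < 1024 else "weak" if bits < 2048 else "ok")

if __name__ == "__main__":
    print(grade(LUG_RECORD))
```

To check a live record, pass the TXT string returned by your DNS lookup tool to `grade()` instead of the embedded copy.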