postfix+domainkey 安装

  

系统：CentOS5.1 下载软件 http://nchc.dl.sourceforge.net/s ... milter-1.0.0.tar.gz 安装dk-milter tar -zxf dk-milter-1.0.0.tar.gz cd dk-milter-1.0.0 sh Build -c sh Build install 详细使用参数说明 /usr/bin/dk-filter -h dk-filter: usage: dk-filter -p socketfile [options] -a peerlist         file containing list of hosts to ignore -A                  auto-restart -b modes            select operating modes -c canon            canonicalization to use when signing -C config           configuration info (see man page) -d domlist          domains to sign -D                  also sign subdomains -f                  don't fork-and-exit -h                  append identifying header -H                  sign with explicit header lists -i ilist            file containing list of internal (signing) hosts -I elist            file containing list of external domain clients -k                  load a key set instead of a single key -l                  log activity to system log -m mtalist          MTA daemon names for which to sign -M macrolist        MTA macros which enable signing -o hdrlist          list of headers to omit from signing -P pidfile          file to which to write pid -R                  generate verification failure reports -s keyfile          location of secret key file -S selector         selector to use when signing -u userid           change to specified userid -V                  print version number and terminate 复制gentxt.sh到/usr/bin/ cp dk-filter/gentxt.csh /usr/bin/gentxt.sh 生成txt记录的key /usr/bin/gentxt.sh  default postfix.cn default._domainkey IN TXT "k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANFN7AHPRajbA9N2URB0lGptANfauG6/saDGSgwmJxjQUnMQVcP4dkAo3XMljsiRDx3kJRZ1WJU+VRe5yefRofUCAwEAAQ==" ; ----- DomainKey default for postfix.cn 把上面生成的txt记录加到postfix.cn的zone中去 复制生成的default.private cp dk-filter/default.private /tmail/dkim-milter/postfix.cn_default.key.pem 编辑main.cf vi /tmail/postfix/etc/main.cf smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 启动dkfilter /usr/bin/dk-filter -l -p inet:8891@localhost -d postfix.cn -s /tmail/dkim-milter/postfix.cn_default.key.pem -S default 发邮件到yahoo.com.cn去测试domainkey是否pass 如果一切正常你在yahoo.com.cn的邮件头中看到 Authentication-Results:                mta133.mail.cnb.yahoo.com from=postfix.cn; domainkeys=pass (ok) DomainKey-Signature:         a=rsa-sha1; s=default; d=postfix.cn; c=simple; q=dns; b=oycNtAJ+tFHP74qVuB7J5qUz0sKYfAE5AadtDCacA61tJCeXScitWAXXUB6e44bq1 Cf0XPFxOQrAI1tnZoJabA== 发件人:        "test@postfix.cn" <test@postfix.cn>         Yahoo!域名密钥已经确认这封邮件来自于 postfix.cn. 了解更多 参考文档 http://bbs.chinaunix.net/viewthr ... highlight=abel 2008-5-27