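Note: this article was last updated 2978 days ago; the information it describes may have changed, so please verify it carefully.
Recently some readers reported that they were not receiving e-mail from my blog. After checking, I found that a few mailboxes returned the following bounce: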
mail server rejected a message that claimed an envelope sender address of kn007.net
it was rejected by the server for the recipient domain mta-189.21cn.com
To address this, I added the following SPF record to the DNS for the VPS:
v=spf1 a mx mx:kn007.net ip4:50.2.54.2 ~all
MX record:
kn007.net.
DKIM TXT record at default._domainkey:
v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPY9DY0gk18N7osVZA6JzLoUzUuP7Q6s5DJyfGVKJUGxxwhg2WXY3jBN/McJdNg+jyUOr7+XVm9+VguJSZDfzCsCHJOei0fTUpW7Xi4xRJaGMoIMiV1wovBHDSTk55xX4ihuMHZcLKVGALuQtK+skeHEEvDE4nxaktNvTS2MaXnQIDAQAB
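The two records above can be checked mechanically. The following is an added example, not part of the original post: it parses the published SPF and DKIM records, reads the RSA modulus size out of the p= value with a minimal DER reader, and lists points worth reviewing; the function names are this example's own.

```python
import base64

# Records copied from the post above; the audit logic is added for illustration.
SPF = "v=spf1 a mx mx:kn007.net ip4:50.2.54.2 ~all"
DKIM = "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPY9DY0gk18N7osVZA6JzLoUzUuP7Q6s5DJyfGVKJUGxxwhg2WXY3jBN/McJdNg+jyUOr7+XVm9+VguJSZDfzCsCHJOei0fTUpW7Xi4xRJaGMoIMiV1wovBHDSTk55xX4ihuMHZcLKVGALuQtK+skeHEEvDE4nxaktNvTS2MaXnQIDAQAB"

def der_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(p_b64):
    """Modulus size of the SubjectPublicKeyInfo carried in a DKIM p= tag."""
    spki = base64.b64decode(p_b64, validate=True)
    _, body, _ = der_tlv(spki, 0)          # outer SEQUENCE
    _, _, pos = der_tlv(body, 0)           # AlgorithmIdentifier, skipped
    _, bits, _ = der_tlv(body, pos)        # BIT STRING (first octet = unused bits)
    _, rsakey, _ = der_tlv(bits[1:], 0)    # RSAPublicKey SEQUENCE
    _, modulus, _ = der_tlv(rsakey, 0)     # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim(record):
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if t.strip())
    notes = []
    if "g" in tags:
        notes.append("g= is an RFC 4871 tag that RFC 6376 dropped")
    bits = rsa_bits(tags["p"])
    if bits < 2048:
        notes.append(f"{bits}-bit RSA key; RFC 8301 recommends at least 2048")
    return notes

def audit_spf(record, domain):
    # Assumes the record is published at `domain`, so a bare mx already means mx:<domain>.
    terms = record.split()[1:]
    notes = []
    if "mx" in terms and f"mx:{domain}" in terms:
        notes.append(f"mx:{domain} repeats the bare mx mechanism")
    if terms[-1] == "~all":
        notes.append("~all is softfail: unlisted senders are usually marked, not rejected")
    return notes
```
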
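Finally, I added DKIM to postfix. Installing DKIM is somewhat troublesome; in any case, building it from a source tarball fetched with wget did not work for me, probably because I did not set up site.config.m4 or got the define wrong.
Here is another way to install it, my own (the earlier failed attempts are kept, commented out with #):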
#The package is fetched over plain HTTP, and --nodeps skips the dependency check
rpm -ivh http://download4.fedora.redhat.com/pub/epel/5/`uname -i`/dkim-milter-2.8.3-8.el5.`uname -i`.rpm --nodeps
wget -O dkim-milter.tar.gz 'http://sourceforge.net/projects/dkim-milter/files/latest/download?source=files'
#wget -O dk-milter.tar.gz http://sourceforge.net/projects/dk-milter/files/latest/download
tar zxvf dkim-milter.tar.gz
#tar zxvf dk-milter.tar.gz
cd dkim-milter-*
#ln -s ../dk-milter-*/libdk
#cp site.config.m4.dist site.config.m4
#echo "define(`confMANROOT', `/usr/share/man/man')" >> site.config.m4
#cp ./site.config.m4 devtools/Site/site.config.m4
#./Build
#./Build install
mkdir -p /etc/dkim-milter/keys/
cp ./dkim-filter/dkim-genkey.sh /etc/dkim-milter/keys/
cd /etc/dkim-milter/keys/
chmod +x ./dkim-genkey.sh
chown dkim-milter /etc/dkim-milter
chmod 700 /etc/dkim-milter
chgrp postfix /var/run/dkim-milter
chmod 770 /var/run/dkim-milter
./dkim-genkey.sh -r -d `hostname -f`
chown dkim-milter /etc/dkim-milter/keys/default.private
mv /etc/dkim-milter/keys/default.private /etc/dkim-milter/keys/default.key.pem
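#Generates default.txt and default.private
#Add the DNS TXT record according to the contents of default.txt
#default.private is now in place, renamed to default.key.pem, and ready to use
#Adjust the commands below to your own setup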
echo "*@kn007.net:kn007.net:/etc/dkim-milter/keys/default.key.pem" >> /etc/mail/dkim-milter/keys/keylist
echo 'USER="dkim-milter"' >> /etc/sysconfig/dkim-milter
echo 'PORT=local:/var/run/dkim-milter/dkim.sock' >> /etc/sysconfig/dkim-milter
echo 'SELECTOR_NAME="default"' >> /etc/sysconfig/dkim-milter
echo 'SIGNING_DOMAIN="kn007.net"' >> /etc/sysconfig/dkim-milter
echo 'KEYFILE="/etc/dkim-milter/keys/default.key.pem"' >> /etc/sysconfig/dkim-milter
echo 'SIGNER=yes' >> /etc/sysconfig/dkim-milter
echo 'VERIFIER=yes' >> /etc/sysconfig/dkim-milter
echo 'CANON=simple' >> /etc/sysconfig/dkim-milter
echo 'SIGALG=rsa-sha256' >> /etc/sysconfig/dkim-milter
echo 'REJECTION="bad=r,dns=t,int=t,no=a,miss=r"' >> /etc/sysconfig/dkim-milter
echo 'EXTRA_ARGS="-h -l -D"' >> /etc/sysconfig/dkim-milter
echo 'Canonicalization simple' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'AutoRestart yes' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'AutoRestartRate 10/1h' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'Domain kn007.net' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'SubDomains yes' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'Selector default' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'MTA MSA' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'KeyFile /etc/dkim-milter/keys/default.key.pem' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'Background yes' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'Socket local:/var/run/dkim-milter/dkim.sock' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'X-Header yes' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'LogWhy yes' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'Userid dkim-milter' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'SignatureAlgorithm rsa-sha256' >> /etc/mail/dkim-milter/dkim-filter.conf
echo 'smtpd_milters = local:/var/run/dkim-milter/dkim.sock' >> /etc/postfix/main.cf
echo 'non_smtpd_milters = local:/var/run/dkim-milter/dkim.sock' >> /etc/postfix/main.cf
echo 'milter_protocol = 2' >> /etc/postfix/main.cf
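#accept: if the milter cannot be reached, Postfix passes mail through unsigned instead of deferring it
echo 'milter_default_action = accept' >> /etc/postfix/main.cf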
chkconfig --level 345 dkim-milter on
service dkim-milter start
service postfix reload
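#If there are bugs or mistakes, feedback is welcome!
The installation method above applies to CentOS.
DNS records currently in place:
There are several test sites, and after testing, all of them report no problems: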
http://www.openspf.org/Why?show-form=1
The domain kn007.net has authorized 50.2.54.2 to send mail on its behalf, so the message should have been accepted. It is impossible for us to say why it was rejected.
http://dkimcore.org/c/keycheck
This is a valid DKIM key record
http://www.brandonchecketts.com/emailtest.php
As long as your score is below 5, you shouldn't run into any serious delivery issues.
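After completing all this, I do not know whether DKIM is actually doing anything, because the mail I send still carries no DKIM signature; perhaps this question needs an expert to answer.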
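One way to check an outgoing message against the settings above, as an added example that is not part of the original post: it reads the DKIM-Signature header of a raw message and compares its tags with the domain, selector, algorithm and canonicalization written to dkim-filter.conf. It inspects the header only and does not verify the signature cryptographically; the sample messages and addresses are constructed.

```python
from email import message_from_string

# Expected values taken from the post's dkim-filter.conf lines.
EXPECTED = {"d": "kn007.net", "s": "default", "a": "rsa-sha256", "c": "simple"}

def dkim_tags(raw_message):
    """Tag dicts for every DKIM-Signature header (folded headers are unfolded)."""
    msg = message_from_string(raw_message)
    out = []
    for value in msg.get_all("DKIM-Signature", []):
        flat = "".join(value.split())      # drop folding and other whitespace
        out.append(dict(t.split("=", 1) for t in flat.split(";") if "=" in t))
    return out

def check_signed(raw_message, expected=EXPECTED):
    """Return a list of problems; an empty list means a matching signature header exists."""
    sigs = dkim_tags(raw_message)
    if not sigs:
        return ["no DKIM-Signature header present"]
    problems = []
    for tags in sigs:
        # c= defaults to simple/simple; only the header part is compared here.
        found = dict(tags, c=tags.get("c", "simple/simple").split("/")[0])
        diffs = [f"{k}={found.get(k)!r}, expected {v!r}"
                 for k, v in expected.items() if found.get(k) != v]
        if not diffs:
            from_signed = "from" in tags.get("h", "").lower().split(":")
            return [] if from_signed else ["h= does not cover From"]
        problems.extend(diffs)
    return problems

# Constructed sample messages (not captured traffic).
UNSIGNED = "From: sender@kn007.net\nTo: reader@example.com\nSubject: reply\n\nbody\n"
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kn007.net;\n"
    "\ts=default; h=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
) + UNSIGNED
```
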
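When reposting, please credit the source: kn007's personal blog, "Adding DKIM to Postfix and completing the SPF record in DNS" (《Postfix添加DKIM协议,完善DNS中的SPF解析》)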
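@Uncle.E: Doing it by hand really is miserable, such a hassle
@kn007: Strange, the styling of the reply notification e-mail is completely broken… Is the problem on my end?
@Uncle.E: It's not your problem.. I'm in the middle of changing things
@kn007: Sorted…… it's fine this time
@Uncle.E: Hehe~
A few days ago I stopped receiving reply e-mails; I fixed it by deleting the old code and switching to a new one
It's too technical and I can't be bothered to deal with it
@蚊哥's Blog: Ha, in my case it was mainly that I defined too many headers
@kn007: I received the reply e-mail, but the styling doesn't seem right; the HTML source is all showing
@蚊哥's Blog: OK, it seems to be a problem with my mailbox……
@蚊哥's Blog: The HTML header has been removed...
@蚊哥's Blog: I'm fixing the styling now
Just looking at this gives me a headache
@老猫Music:
Why?
@kn007: I installed the damn thing no fewer than 10 times and it just won't work!
@老猫Music:

Does it work on CentOS too?
@子瑜: Try it and you'll know; nobody said it can't
This page is really laggy, Win8 + IE10...
@瓜瓜: Is it!?
I tested in the same environment with no problems
@骑士电台: Thanks
@那时年少: Don't be like that
A technical blog, so deep
@互动设计: It's not that deep
I can't understand it, I just can't
@L-JH:
Look how modest you are
I've never run into this kind of problem
@Aivier: Problems like this aren't frequent; it's not a common issue.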