Server maintenance, managed server administration, security configuration, vulnerability scanning, intrusion detection services

dirtysea posted on 2010-5-5 15:17:57

Configuring sendmail with IMAP, POP3 and SMTP authentication on CentOS 5

Check what is installed
rpm -qa | grep sendmail
rpm -qa | grep dovecot
rpm -qa | grep cyrus
Install the mail server
yum install sendmail sendmail-cf
Install the POP3/IMAP service
yum install dovecot

Install user authentication
yum install cyrus-sasl
yum install cyrus-sasl-md5
yum install cyrus-sasl-plain
yum install cyrus-sasl-lib

Edit the sendmail configuration
vi /etc/mail/sendmail.mc

On lines 42 and 43, delete the leading dnl so that they become:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Change the SMTP listening IP to 0.0.0.0
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

Generate the configuration
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
***************************
If you see: sendmail.mc:10: m4: cannot open `/usr/share/sendmail-cf/m4/cf.m4': No such file or directory
it means sendmail-cf needs to be installed
yum install sendmail-cf
***************************

Edit the dovecot configuration
vi /etc/dovecot.conf
Remove the # at the start of the following line
#protocols =imap imaps pop3 pop3s

Add domains
vi /etc/mail/local-host-names
Add domains such as: dirtysea.com // one domain per line

Change the authentication method
vi /usr/lib/sasl2/Sendmail.conf: this file specifies pwcheck_method=saslauthd; leave it unchanged
vi /etc/sysconfig/saslauthd: find MECH= on line 7 and change it to MECH=shadow
Save
An example follows:

# cat /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd
# cat /usr/lib/sasl2/smtpd.conf.rpmsave
log_level: 3
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=shadow
# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=
# testsaslauthd -u test -p 123456   (verify SMTP authentication)
0: OK "Success."

Add a mail user
# groupadd mailuser
# adduser -g mailuser -s /sbin/nologin test
A user added this way has no shell; it can only send and receive mail and cannot log in to the server to run other programs.

Enable at boot
chkconfig sendmail on
chkconfig dovecot on
chkconfig saslauthd on

Restart
service sendmail restart
service dovecot restart
service saslauthd restart

Verify the Sendmail service
telnet localhost 25 // type helo localhost; at this point LOGIN PLAIN should appear, which means SMTP authentication has been set up successfully.

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 centos5 ESMTP Sendmail 8.13.8/8.13.8; Thu, 6 May 2010 06:21:29 +0800
helo localhost
250 centos5 Hello localhost.localdomain , pleased to meet you
mail from:<test@dirtysea.com>
250 2.1.0 <test@dirtysea.com>... Sender ok
rcpt to:<ziliaodaren@163.com>      (to test sending mail to the outside, use an e-mail address that actually exists on the Internet)
250 2.1.5 <ziliaodaren@163.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
From: alin
To: alin
Subject: Hello
test
.
250 2.0.0 o45MLTcH005157 Message accepted for delivery
quit
221 2.0.0 centos5 closing connection
Connection closed by foreign host.

OK, you can now test sending and receiving with Outlook or Foxmail.

Note: why can Foxmail send e-mail even though "SMTP server requires authentication" has not been set in it?
Test with Outlook; Foxmail seems to perform SMTP authentication automatically. Outlook shows a rejection message when SMTP server authentication fails.

Tools -> Accounts -> Mail -> Properties -> Servers -> My server requires authentication (check it) -> Settings -> (choose) Log on using -> Account name: (the one created with saslpasswd2), Password (the one created with saslpasswd2) -> OK.
Also: the account name and password for the incoming mail server should be the system user name and password.

saslauthd -v: check whether the output shows support for pam or shadow
SMTP authentication test: testsaslauthd -u test -p 123456
sasldblistusers2: list the SMTP authentication users that have been added
Add an SMTP authentication user with saslpasswd2: saslpasswd2 -u cencn.com -c test

View the sendmail queue: mailq
Send the mail in the queue immediately: sendmail -oQ/var/spool/mqueue.stop -q
View the status of the mail system: mailstats
View temporarily stored mail: ls -l /var/spool/mail |more
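
An added example, not part of the original post: a Python check that parses the capability list a server returns to EHLO and reports whether the PLAIN or LOGIN mechanisms enabled in sendmail.mc above are advertised on a session that is not protected by TLS. Because MECH=shadow makes these the system account passwords, this is worth checking after the setup. The two EHLO replies are constructed samples, and the function names are hypothetical.

```python
import re

# PLAIN and LOGIN send the password itself, only base64-encoded, so they are
# safe only once the SMTP session is inside TLS.
PASSWORD_EQUIVALENT = {"PLAIN", "LOGIN"}

# Constructed sample: EHLO reply from a server using the mechanism list from
# the post, with no TLS configured.
EHLO_NO_TLS = """\
250-centos5 Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250 HELP
"""

# Constructed sample: STARTTLS is offered, and the legacy "AUTH=" spelling
# used for old clients appears next to the standard one.
EHLO_WITH_TLS = """\
250-centos5 Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-STARTTLS
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 HELP
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a (multi-line) 250 reply."""
    lines = [ln.rstrip("\r") for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    caps = {}
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation, "250 " marks the final line.
        is_last = m.group(2) == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("bad continuation marker on line %d" % (i + 1))
        if i == 0:
            continue  # first line is the greeting, not a capability
        words = m.group(3).split()
        if not words:
            continue
        keyword, params = words[0].upper(), words[1:]
        if keyword.startswith("AUTH="):
            params = [keyword[5:]] + params
            keyword = "AUTH"
        caps.setdefault(keyword, set()).update(p.upper() for p in params if p)
    return caps


def audit_auth(reply, tls_active=False):
    """Summarise which password-equivalent mechanisms are exposed."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", set())
    exposed = set() if tls_active else mechs & PASSWORD_EQUIVALENT
    if not exposed:
        verdict = "ok"
    elif "STARTTLS" in caps:
        verdict = "plaintext-auth-before-starttls"
    else:
        verdict = "plaintext-auth-no-tls"
    return {
        "mechanisms": sorted(mechs),
        "starttls": "STARTTLS" in caps,
        "exposed": sorted(exposed),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in (("no TLS", EHLO_NO_TLS), ("with TLS", EHLO_WITH_TLS)):
        print(name, audit_auth(sample))
```
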

dirtysea posted on 2010-12-28 14:24:50

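This system is basically a default server installation. Ports 25 and 110 are both open and it can receive mail sent from outside, but it cannot send mail out itself. Sending from a client with Foxmail gives: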
The server reply:

550 5.7.1 <mrlsg@21cn.com>...Relaying denied.IP name lookup failed

Solution:
Edit the access file as follows:
# vi /etc/mail/access

# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain         RELAY
localhost                           RELAY
127.0.0.1                            RELAY
yourdomain.com.cn         RELAY
192.168                              RELAY         (add the IP that was rejected)

Run:
# makemap hash /etc/mail/access.db < /etc/mail/access
# db_dump -p /etc/mail/access.db
# /etc/init.d/sendmail restart
Sending mail works normally now.
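
An added example, not part of the original post: sendmail matches a numeric access key on octet boundaries, so the `192.168` entry above allows relaying from every address in 192.168.0.0/16. This Python sketch lists each RELAY entry in an access file with the network it covers so that over-broad entries stand out. The sample file is constructed from the entries in the post plus a tagged entry and a REJECT line added for illustration; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the post's entries, plus "Connect:10" and a REJECT line
# added here for illustration.
SAMPLE_ACCESS = """\
# by default we allow relaying from localhost...
localhost.localdomain         RELAY
localhost                     RELAY
127.0.0.1                     RELAY
yourdomain.com.cn             RELAY
192.168                       RELAY
Connect:10                    RELAY
1.2.3                         REJECT
"""


def key_to_network(key):
    """Map a dotted IPv4 key or prefix to the network it matches.

    Returns None for keys that are not purely numeric (host or domain names).
    """
    if key.lower().startswith("connect:"):
        key = key[len("connect:"):]
    octets = key.split(".")
    if not 1 <= len(octets) <= 4:
        return None
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def audit_relay(text):
    """Return one dict per RELAY entry describing what it covers."""
    report = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key, action = fields[0], fields[1].upper()
        if action != "RELAY":
            continue
        net = key_to_network(key)
        if net is None:
            # Name-based entries depend on DNS names, not on a fixed range.
            report.append({"line": lineno, "key": key, "kind": "name",
                           "network": None, "addresses": None,
                           "scope": "name-based"})
            continue
        if net.is_loopback:
            scope = "loopback"
        elif net.is_private:
            scope = "private"
        else:
            scope = "public"
        report.append({"line": lineno, "key": key, "kind": "ip",
                       "network": str(net), "addresses": net.num_addresses,
                       "scope": scope})
    return report


def broad_entries(report, max_addresses=256):
    """RELAY entries that cover more than max_addresses non-loopback hosts."""
    return [e for e in report
            if e["kind"] == "ip" and e["scope"] != "loopback"
            and e["addresses"] > max_addresses]


if __name__ == "__main__":
    for entry in audit_relay(SAMPLE_ACCESS):
        print(entry)
    print("review:", [e["key"] for e in broad_entries(audit_relay(SAMPLE_ACCESS))])
```
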

dirtysea posted on 2012-1-16 09:56:16

Mail server DNS settings: MX, SPF and DKIM records explained (http://blog.csdn.net/mal327/article/details/6700493)

DNS records have to be set up at your domain hosting provider, or you manage the DNS server yourself. Many domain hosting providers do not support TXT records or do not support DKIM records, in which case you cannot use SPF and DKIM.
DNS changes take more than 48 hours to take effect.
In China, Wanwang (万网) does not support DKIM; Xinnet (新网) currently supports SPF and DKIM.

1. MX records
The MX record for mail should preferably point to the machine's A record; avoid pointing it directly at an IP address (this does not conform to the specification).
1.1 Add an A record
mail.example.com 192.168.1.100
1.2 Add an MX record
example.com mail.example.com
1.3 Test the MX record
# host example.com
example.com mail is handled by 10 mail.example.com.
#nslookup mail.example.com
Name:mail.example.com
Address:192.168.1.100

2. SPF records
SPF stands for Sender Policy Framework, a type of DNS record proposed to guard against spam; SPF is a TXT-type record. In essence, an SPF record declares to recipients that mail for this domain sent from the IPs on the list is legitimate mail and not forged spam. Setting up SPF properly is a very important step in correctly configuring the domain records and SMTP for sending mail.
For example:
SPF record pointing to an A host record
example.com.           3600    IN      TXT     "v=spf1 mx mx:mail.example.com ~all"
SPF record pointing to an IP address
example.com.           3600    IN      TXT     "v=spf1 ip4:192.168.1.100 ~all"
(The above is based on: http://baike.baidu.com/view/1372988.htm)
2.1 How to look up SPF
On Windows, after entering DOS mode, use the following command:
nslookup -type=txt domain
On Unix operating systems use:
# dig -t txt domain

2.2 A brief explanation of SPF:
v=spf1 indicates version spf1
IP4 means verification uses IPv4 (IP6 means verification uses IPv6); note that there is no space between "ip4:" and the IP
~all marks the end

2.3 An SPF record explained
Let us look at this SPF record:
yourdomain.com "v=spf1 a mx mx:mail.jefflei.com ip4:202.96.88.88 ~all"
This SPF record states specifically which IP addresses are allowed to send as @yourdomain.com: a (this a refers to the IP address that yourdomain.com resolves to; if that is not configured, it should be removed)
mx (the mx for yourdomain.com, i.e. the IP that the A record of mail.yourdomain.com points to)
mx:mail.jefflei.com (if the MX record mail.jefflei.com has not been configured, it should also be removed)
ip4:202.96.88.88 (directly the IP address 202.152.186.85)
Some other syntax:
- Fail, meaning no other match occurred
~ means soft fail, usually used during testing
? means ignore

If there is more than one outgoing IP, all of them must be included
v=spf1 ip4:202.96.88.88 ip4:202.96.88.87 ~all

2.4 Testing the SPF settings
After setting the SPF record in DNS, send a message to your own Gmail account and view the message source; you should see a header like the following, where pass means the setup succeeded.
Received-SPF: pass (google.com: domain of test@jefflei.com designates
    202.96.88.87 as permitted sender) client-ip=202.96.88.87;
Note that if the server's IP changes, the SPF record must be changed at the same time!!!

2.5 Using SPF records to block spam
On Unix you can install and configure plugins such as SpamAssassin to block spam and phishing mail.

3. DKIM records (adding digital verification to your mail with DomainKeys or DKIM)
DKIM works by adding an encrypted digital mark to every e-mail, which is then compared with records in a database of legitimate Internet addresses. When an e-mail is received, only mail whose encrypted information matches the record in the database can enter the user's inbox. It can also check the integrity of the message, preventing modification by hackers and other unauthorized parties. The basic working principle of DKIM is likewise based on traditional key authentication: it generates two keys, a public key and a private key; the public key is stored in DNS and the private key is stored on the sending server. The private key is generated automatically, attached to the message header, and sent to the sender's server. The public key is placed on the DNS server, where it can be retrieved automatically. The receiving server receives the private key carried in the message header, fetches the public key from DNS itself, and compares them to check whether the sender's domain is legitimate; if it is not, the message is judged to be spam. Because digital signatures cannot be forged, this technology will be a fatal blow to spammers, who will find it hard to achieve their aims as before through tricks such as misusing sender names or changing attachment properties. Before this, spammers evaded mail filtering by methods such as converting text to images, which made the once gradually declining volume of spam rise again.
Note: only Amavisd-new 2.6.0 and later has DKIM functionality integrated.

Below is a brief description of how to install it (if it is not installed yet)
(See http://eric.lubow.org/2009/mail/setting-up-dkim-and-postfix/)
(1) Download the DKIM source package, then compile and install it. DKIM needs the libmilter module; if your SMTP software is sendmail, this module comes with sendmail. If you use other software (such as postfix), you first need to download the latest sendmail source package; after unpacking it you will find the subdirectory "libmilter". Inside it, run ./Build and ./Build install to install the libmilter module.
(2) Generate the certificate with dkim-genkey. DKIM can publish different certificates for verification for multiple servers; they are told apart by the selector. When generating a certificate with dkim-genkey, the -s parameter sets the selector. If no selector is specified, the system uses default as the selector. The -d parameter is the domain name.
For example: dkim-genkey -s mail1 -d jackyhe.com generates a certificate for jackyhe.com whose selector is mail1.
After it runs successfully, two files named mail1.txt and mail1.private are generated in the current directory. mail1.txt is the public key part, which needs to be added to a DNS TXT record.
Its content looks like:
mail1._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2ubSRHUKzL4ucfzuMKEHyy6rx/WlrZB5SKYKrCsSJWUpQstNqjcaLntaQtmKEnDgDr5rMvklaByf8vE5guqZerZ8UWeBx5joIwuohjkapgM/R6lFmI9VUj8N/c5O9AxQAOQLgnDNPl5OQamUuOp9c5W0jLbYd/hrymPYBSKEi0wIDAQAB" ; ----- DKIM mail1 for jackyhe.com
We need to add a new TXT record in the DNS management interface. For the name, enter "mail1._domainkey" (the part shown in red in the txt file; it differs for each selector). The value is the content inside the double quotes in the txt file (the part shown in blue).
Then save mail1.private (this is the private key) in a secure directory on the server, such as /etc/mail/dkim/keys.
(3) Configure DKIM. The DKIM configuration file is dkim-filter.conf. It contains many default settings; we only need to change the following:
Domain                  jackyhe.com   ## set the domain name
ExternalIgnoreList      /etc/mail/dkim/trusted-hosts ## set the trusted machines, e.g. 127.0.0.1
InternalHosts           /etc/mail/dkim/trusted-hosts
KeyFile                 /etc/mail/dkim/keys/mail1.private ## where the private key is stored
Selector                mail1 ## the name of the selector used by this machine, e.g. mail1
LocalADSP               /etc/mail/dkim/local-adsp-rules ## you can add your own ADSP rules in this file (ADSP rules are explained below)
Socket                  local:/var/run/dkim-milter/dkim.sock
(4) Start DKIM, for example: /usr/sbin/dkim-filter -x /etc/dkim-filter.conf
(5) Change the settings on the existing SMTP server (such as sendmail or postfix). In postfix, for example, the following settings can be added:
smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
non_smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
milter_protocol = 2
After restarting the SMTP service, check whether mail can be sent. If you see "DKIM-Signature" header added in maillog, you should be all set.
Try sending a message to a gmail.com mailbox, then look at the message headers in Gmail and see whether dkim=pass is there. If it is, congratulations.
(6) Finally, what is ADSP? It is mentioned in the DKIM specification (http://www.dkim.org/specs/draft-ietf-dkim-ssp-04.html). We can use the following setting to restrict mail that is sent using our domain but has not been signed with DKIM.
We can add a new TXT record in DNS with the name "_adsp._domainkey" and the value "dkim=all".
"dkim=" can be followed by one of three values:
unknown: mail sent from this domain may or may not carry a DKIM certificate.
all: everything sent from this domain should carry a DKIM certificate.
discardable: strongly recommends that the receiving side discard mail that has no DKIM certificate or that fails DKIM verification.
The "LocalADSP" setting mentioned earlier sets rules on your own server: when receiving mail from the other side, the ADSP record in DNS is not queried, and your own rules are applied instead.
<P><BR><BR><STRONG>3.1 The domain's DKIM key can be obtained from iredmail.tips, or by running the following at the command line</STRONG><BR>
# amavisd-new showkeys<BR>
; key#1, domain example.com, /var/lib/dkim/example.com.pem<BR>
dkim._domainkey.example.com. &nbsp; &nbsp;3600 TXT (<BR>
&nbsp; "v=DKIM1; p="<BR>
&nbsp; "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGNVMuQRKqYeySIzqTGTm3xRzF"<BR>
&nbsp; "/ZzhmMnpZkEcVVjFAk+t7E388oFGu/knyh6KBKwpZxHUN5HoOYVjMudqaR2FcSvK"<BR>
&nbsp; "z+joFj8Vh3rXoTLa1zHDyfD7hICzxdEgmQZ8MJM5rjPPrRGZXnPowNYDsd6nDJ86"<BR>
&nbsp; "N38iFYU+jALBYDLBwQIDAQAB")<BR><BR>
<STRONG>3.2 Add the record above to the DNS records at your ISP</STRONG><BR>
dkim._domainkey.example.com. &nbsp; v=DKIM1; p=MIGfMA0....(omitted)DLBwQIDAQAB<BR><BR>
<STRONG>3.3 Once the DNS record has been added and has taken effect, it can be checked with the following command</STRONG><BR>
# amavisd-new testkeys<BR>
TESTING: dkim._domainkey.example.com &nbsp; &nbsp; &nbsp;=&gt; pass<BR><BR>
<SPAN style="FONT-SIZE: 13.5pt">Checking the DNS settings</SPAN><BR>
The following methods help you check whether the DNS settings have taken effect and work correctly:<BR>
<STRONG>1. nslookup</STRONG><BR>
# nslookup<BR>
Default Server: &nbsp;unknown<BR>
Address: &nbsp;192.168.1.1<BR>
&gt; server 4.2.2.1<BR>
Default Server: &nbsp;vnsc-pri.sys.gtei.net<BR>
Address: &nbsp;4.2.2.1<BR>
&gt; set type=mx<BR>
&gt; example.com<BR>
Server: &nbsp;vnsc-pri.sys.gtei.net<BR>
Address: &nbsp;4.2.2.1<BR>
Non-authoritative answer:<BR>
example.com &nbsp; &nbsp; &nbsp;MX preference = 20, mail exchanger = mail.example.com<BR>
&gt; set type=txt<BR>
&gt; example.com<BR>
Server: &nbsp;vnsc-pri.sys.gtei.net<BR>
Address: &nbsp;4.2.2.1<BR>
Non-authoritative answer:<BR>
example.com &nbsp; &nbsp; &nbsp;text =<BR>
&nbsp; &nbsp; &nbsp; &nbsp; "v=spf1 ip4:192.168.1.100 -all"<BR>
&gt; dkim._domainkey.example.com<BR>
Server: &nbsp;vnsc-pri.sys.gtei.net<BR>
Address: &nbsp;4.2.2.1<BR>
Non-authoritative answer:<BR>
dkim._domainkey.example.com &nbsp; &nbsp; &nbsp;text =<BR>
&nbsp; &nbsp; &nbsp; &nbsp; "v=DKIM1; p= MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsgZaIvYHAos2jbp3CHW0<BR>
AwrTnAEwV1p4EaZP/JuF8t1BETBVg6WJr3YWN5ijCpi9vnw96nmf/u5MgtbLwZ+AzDBkbOY7Jbb/hIO+<BR>
mpmmfdJAY3w8KoXLCuQKDysXOys45YtfJEj66s51EHH3W+iXPYw3I/NWHjY3a5/mXnk4XJQIDAQAB"<BR><BR>
<STRONG>2. linux dig</STRONG><BR>
MX record<BR>
# host example.com<BR>
example.com mail is handled by 10 mail.example.com.<BR><BR>
SPF record<BR>
# dig txt hotmail.com<BR>
; &lt;&lt;&gt;&gt; DiG 9.4.2-P2 &lt;&lt;&gt;&gt; txt hotmail.com<BR>
;; global options: &nbsp;printcmd<BR>
;; Got answer:<BR>
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 43130<BR>
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<BR><BR>
;; QUESTION SECTION:<BR>
;hotmail.com. &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; IN &nbsp; &nbsp; &nbsp;TXT<BR><BR>
;; ANSWER SECTION:<BR>
hotmail.com. &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;3600 &nbsp; &nbsp;IN &nbsp; &nbsp; &nbsp;TXT &nbsp; &nbsp; "v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com include:spf-c.hotmail.com include:spf-d.hotmail.com ~all"<BR><BR>
;; Query time: 176 msec<BR>
;; SERVER: 64.71.161.8#53(64.71.161.8)<BR>
;; WHEN: Sat Dec &nbsp;5 08:43:51 2009<BR>
;; MSG SIZE &nbsp;rcvd: 157<BR><BR>
DKIM record</P>
<P># dig txt dkim._domainkey.example.com</P>
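<P>Added example (not part of the original post, and not amavisd-new or iRedMail code): a "pass" from testkeys only says that DNS and the local key agree, so it is worth inspecting what the published record actually contains. The Python code below parses the TXT record printed by showkeys in step 3.1 and reports the RSA key size. The function names are hypothetical, and the 2048-bit threshold is an assumption taken from the RFC 8301 recommendation for signers.</P>

```python
import base64
import re

# TXT record as printed by `amavisd-new showkeys` on this page (example.com sample key).
SHOWKEYS_TXT = '''dkim._domainkey.example.com.    3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGNVMuQRKqYeySIzqTGTm3xRzF"
  "/ZzhmMnpZkEcVVjFAk+t7E388oFGu/knyh6KBKwpZxHUN5HoOYVjMudqaR2FcSvK"
  "z+joFj8Vh3rXoTLa1zHDyfD7hICzxdEgmQZ8MJM5rjPPrRGZXnPowNYDsd6nDJ86"
  "N38iFYU+jALBYDLBwQIDAQAB")'''

def parse_dkim_txt(zone_text):
    """Join the quoted chunks of a TXT record and split it into DKIM tag=value pairs."""
    joined = "".join(re.findall(r'"([^"]*)"', zone_text))
    pairs = (part.split("=", 1) for part in joined.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_key_bits(p_value):
    """Return the RSA modulus size of a DKIM p= value (base64 SubjectPublicKeyInfo)."""
    der = base64.b64decode("".join(p_value.split()), validate=True)
    _, spki, _ = _tlv(der, 0)             # outer SEQUENCE
    _, _, alg_end = _tlv(der, spki)       # AlgorithmIdentifier, skipped
    tag, bits, _ = _tlv(der, alg_end)     # BIT STRING holding RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = _tlv(der, bits + 1)       # +1 skips the unused-bits octet
    tag, n_start, n_end = _tlv(der, rsa)  # INTEGER modulus
    if tag != 0x02:
        raise ValueError("RSA modulus not found")
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def check_record(zone_text, min_bits=2048):  # min_bits: assumed threshold (RFC 8301)
    """Return a list of problems found in a published DKIM key record."""
    tags, problems = parse_dkim_txt(zone_text), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if not tags.get("p"):
        problems.append("p= is empty or missing: no usable key is published")
    elif tags.get("k", "rsa") == "rsa":
        bits = rsa_key_bits(tags["p"])
        if bits < min_bits:
            problems.append(f"RSA key is {bits} bits, below {min_bits}")
    return problems

if __name__ == "__main__":
    for problem in check_record(SHOWKEYS_TXT):
        print("WARN:", problem)
```

<P>The same functions accept the quoted text returned by nslookup or dig, including a value with a space after "p=" as in the nslookup output above.</P>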