Cài đặt và câu hình Postfix + DKIMproxy cho phép gửi nhiều email trên Debian
1. Configure from menu for internet site and set system’s mailname
root@smtp1:~# apt-get install postfix
Reading package lists… Done
Building dependency tree
……………………..
Setting up libperl5.10 (5.10.1-17squeeze3) …
Setting up libpq5 (8.4.11-0squeeze1) …
2. add eth alias this postfix instance to work on
root@smtp1:~# ifconfig eth0:1 YOUR_IP netmask 255.255.255.224 up
root@smtp1:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:48:8e:1a:84
inet addr:YOU_IP1 Bcast:YOUR_IP5 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe8e:1a84/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:376534 errors:0 dropped:0 overruns:0 frame:0
TX packets:3566 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26484046 (25.2 MiB) TX bytes:298059 (291.0 KiB)
Interrupt:16 Memory:ee100000-ee120000
eth0:1 Link encap:Ethernet HWaddr 00:30:48:8e:1a:84
inet addr:YOUR_IP Bcast:62.73.117.31 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Memory:ee100000-ee120000
3. Make postfix configuration to be used with dkim and work on ip alias
root@smtp1:/etc/postfix# mv main.cf main.cf.orig
root@smtp1:/etc/postfix# vi main.cf
mail_name = smtp1.DOMAIN.com
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA’s job.
append_dot_mydomain = no
# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = smtp1.DOMAIN.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = mailer, localhost.localdomain, , localhost
relayhost =
mynetworks = allowed_ips 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a “$EXTENSION”
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = ipv4
inet_interfaces = YOUR_IP, 127.0.0.1
root@smtp1:/etc/postfix# vi master.cf
root@smtp1:/etc/postfix# grep -v ^# master.cf|grep .
smtp inet n – - – - smtpd
submission inet n – - – - smtpd
-o content_filter=dksign:[127.0.0.1]:10027
-o receive_override_options=no_address_mappings
dksign unix – - n – 4 smtp
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime,starttls
127.0.0.1:10028 inet n – n – 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_chec ks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
pickup fifo n – - 60 1 pickup
cleanup unix n – - – 0 cleanup
qmgr fifo n – n 300 1 qmgr
tlsmgr unix – - – 1000? 1 tlsmgr
rewrite unix – - – - – trivial-rewrite
bounce unix – - – - 0 bounce
defer unix – - – - 0 bounce
trace unix – - – - 0 bounce
verify unix – - – - 1 verify
flush unix n – - 1000? 0 flush
proxymap unix – - n – - proxymap
proxywrite unix – - n – 1 proxymap
smtp unix – - – - – smtp
relay unix – - – - – smtp
-o smtp_fallback_relay=
showq unix n – - – - showq
error unix – - – - – error
retry unix – - – - – error
discard unix – - – - – discard
local unix – n n – - local
virtual unix – n n – - virtual
lmtp unix – - – - – lmtp
anvil unix – - – - 1 anvil
scache unix – - – - 1 scache
maildrop unix – n n – - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix – n n – - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender – $nexthop!rmail ($recipient)
ifmail unix – n n – - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix – n n – - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix – n n – 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix – n n – - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
4. install dkimproxy
root@smtp1:/etc/postfix# apt-get install dkimproxy
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
libmysqlclient16 libperl5.10 libpq5 mysql-common
Use ‘apt-get autoremove’ to remove them.
The following extra packages will be installed:
amavisd-new libarchive-zip-perl libberkeleydb-perl libcompress-raw-zlib-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl
libdigest-hmac-perl libdigest-sha1-perl liberror-perl libio-multiplex-perl libio-stringy-perl libmail-dkim-perl libmailtools-perl libmime-tools-perl libnet-cidr-perl libnet-dns-perl libnet-ip-perl
libnet-server-perl libtext-wrapper-perl libtimedate-perl libunix-syslog-perl pax
Suggested packages:
spamassassin clamav clamav-daemon lha arj unrar zoo nomarch lzop cabextract libnet-ldap-perl libauthen-sasl-perl libdbi-perl dspam p7zip rpm unrar-free libsnmp-perl libio-socket-inet6-perl
libio-socket-ssl-perl
The following NEW packages will be installed:
amavisd-new dkimproxy libarchive-zip-perl libberkeleydb-perl libcompress-raw-zlib-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libcrypt-openssl-bignum-perl
libcrypt-openssl-rsa-perl libdigest-hmac-perl libdigest-sha1-perl liberror-perl libio-multiplex-perl libio-stringy-perl libmail-dkim-perl libmailtools-perl libmime-tools-perl libnet-cidr-perl
libnet-dns-perl libnet-ip-perl libnet-server-perl libtext-wrapper-perl libtimedate-perl libunix-syslog-perl pax
0 upgraded, 26 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,786 kB of archives.
After this operation, 8,938 kB of additional disk space will be used.
Do you want to continue [Y/n]?
………
(failed).
invoke-rc.d: initscript amavis, action “start” failed.
WARNING: Starting amavisd-new failed. Please check your configuration.
Errors were encountered while processing:
dkimproxy
E: Sub-process /usr/bin/dpkg returned an error code (1)
5. Process dkimproxy configuration:root@smtp1:/etc# grep -v ^# /etc/default/dkimproxy |grep .
RUN_DKIMPROXY_OUT=1
RUN_DKIMPROXY_IN=0
DKIMRPOXY_OUT_CONF=”/etc/dkimproxy/dkimproxy_out.conf”
DKIMPROXYUSER=dkimproxy
DKIMPROXYGROUP=dkimproxy
DKIMPROXY_OUT_PRIVKEY=”/etc/dkim/keys/DOMAIN.com/private.key”
DOMAIN=smtp1.DOMAIN.com
DKIMPROXY_OUT_MIN_SERVERS=10
root@smtp1:/etc/dkimproxy# grep -v ^# dkimproxy_out.conf|grep .
listen 127.0.0.1:10027
relay 127.0.0.1:10028
domain DOMAIN.com
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
keyfile /etc/dkim/keys/DOMAIN.com/private.key
selector 2012
reject_error 1
root@smtp1:/etc/dkimproxy# mkdir -p /etc/dkim/keys/DOMAIN.com
root@smtp1:/etc/dkimproxy# cd /etc/dkim/keys/DOMAIN.com
..here put the pre-generated keys, or generate new ones:
openssl genrsa -out private.key 1024
openssl rsa -in private.key -out public.key -pubout -outform PEM
.. put public key into dns:
2012._domainkey.DOMAIN.com. IN TXT “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuk8juJ1iT 7bST/0KykISBGOnJyR2h5cl3gxvshuh5mTODBp78cZbIYkOAGjEX/I6U2ox6s53yeEF7DQlHLJCId11wI486E4dGSOgRje2e5elHX6Q EwfEGDRyEL+6WwJo/BR3LHihbqHfaY7EZuA6Vuq7Wun8H1Wo2FD+IuxAubQIDAQAB� �
5.1 EDIT /etc/init.d/dkimproxy file: DKIMPROXY_OUT_ARGS=”–method=simple –conf_file ${DKOUT_CONF} –keyfile=${DKIMPROXY_OUT_PRIVKEY} ${COMMON_ARGS} –pidfile=${PIDDKIMPROXY_OUT} –signature=dkim –signature=domainkeys –min_servers=${DKIMPROXY_OUT_MIN_SERVERS}”
6. start postifx and dkim
7. test configuration:
7.1 test dns first: http://dkimcore.org/tools/
7.2 test email signing:http://www.brandonchecketts.com/emailtest.php
7.3 more spf,dkim tests here: http://appmaildev.com/en/dkim/
7.4 good spf tester: http://www.vamsoft.com/spfcheck.asp
Tham khảo:
http://iamsto.wordpress.com/2012/03/...ing-on-debian/
http://www.howtoforge.com/postfix-dk...lter-centos5.1
http://saylinux.net/story/0028417/dk...x-and-opendkim
http://wiki.linuxwall.info/doku.php/...tfix:dkimproxy
http://www.howtoforge.com/set-up-dki...using-opendkim
Tùy chỉnh và Tối ưu Postfix để gửi lượng lớn email
http://iamsto.wordpress.com/2012/03/...-with-postfix/
Xây dựng hệ thống Dkimproxy cho Postfix mail server
http://anthonyl.us/2009/08/21/setting-up-dkimproxy/
http://terraltech.com/opendkim-to-si...ils-on-ubuntu/