
История изменений

Исправление alex_sim, (текущая версия) :

А где конфиги opendkim & postfix ?

Н-да, видимо, придётся: замылился глаз.

postfix main.cf (DKIM в самом конце)

# Postfix main.cf, part 1: queue/daemon paths, host identity, trusted networks,
# relay policy and MySQL-backed virtual domain lookups.
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

myhostname = mail.mydomen.ru
mydomain = mydomen.ru
# Locally submitted mail is qualified with the host name (mail.mydomen.ru), not
# with mydomen.ru.
# NOTE(review): the OpenDKIM SigningTable pattern on this page is *@mydomen.ru,
# which does not cover senders at the host name - confirm which From domain is used.
myorigin = $myhostname

inet_interfaces = all
inet_protocols = ipv4

unknown_local_recipient_reject_code = 550
# Every client in these ranges may relay without authentication
# (permit_mynetworks below), so keep the list as narrow as possible.
mynetworks = 127.0.0.0/8,  172.16.1.0/24, 172.16.15.0/24

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

# Relay is allowed for mynetworks only; everything else must be addressed to a
# domain this server handles.
# NOTE(review): permit_sasl_authenticated is not listed here, so authenticated
# clients outside mynetworks would presumably be refused relay - confirm intent.
smtpd_relay_restrictions = permit_mynetworks  reject_unauth_destination

# Debugging defaults; debugger_command only runs for daemons started with -D.
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES

# Domain and mailbox lookups go to MySQL.
# NOTE(review): these .cf files normally hold the database password; keep them
# unreadable for ordinary users.
relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
 mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

# bounce_notice_recipient is set twice with the same value (harmless duplicate).
bounce_notice_recipient = root@mydomen.ru
address_verify_sender = root@mydomen.ru
bounce_notice_recipient = root@mydomen.ru
delay_notice_recipient = root@mydomen.ru



# SMTP server hygiene and per-stage access restrictions. Each list starts with
# permit_mynetworks and permit_sasl_authenticated, so the reject_* checks apply
# to other clients only.
smtpd_discard_ehlo_keywords = etrn, silent-discard
# Sessions that send HTTP verbs are terminated (proxies, misdirected web clients).
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
# VRFY is disabled so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes

# NOTE(review): reject_unknown_hostname is the legacy spelling; current Postfix
# documents it as reject_unknown_helo_hostname.
smtpd_helo_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname,
 reject_unknown_hostname

# The list ends with a trailing comma; the blank line after it closes the value.
smtpd_data_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_pipelining,
 reject_multi_recipient_bounce,

# No comma follows the check_sender_access map; Postfix also accepts whitespace
# as a separator, so the list still parses.
smtpd_sender_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_sender,
 check_sender_access hash:/etc/postfix/sender_access
 reject_unknown_sender_domain

# reject_unauth_destination comes right after the two permits, so the remaining
# checks only see mail for domains this server handles.
smtpd_recipient_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_unlisted_recipient,
 reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
 reject_multi_recipient_bounce

# TLS for outbound (smtp_*) and inbound (smtpd_*) connections. Security level
# "may" is opportunistic: TLS is used when the peer offers it, plaintext otherwise.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# The private key file should be readable by root only.
smtpd_tls_key_file = /etc/postfix/certs/key.pem
smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
tls_random_source = dev:/dev/urandom
# NOTE(review): cipher grade "low" lets the TLS library negotiate its weakest
# cipher suites; "medium" or "high" is the safer value for every *_ciphers
# setting in this block.
smtpd_tls_mandatory_ciphers = low
smtpd_tls_ciphers = low
# Only SSLv2 and SSLv3 are excluded, so TLSv1 and TLSv1.1 stay enabled.
# NOTE(review): with security level "may" the non-mandatory settings are the
# ones that apply, and smtpd_tls_protocols is not set in this listing - confirm
# which protocol versions the server really accepts.
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_protocols  = !SSLv2,!SSLv3
smtp_tls_ciphers = low
smtp_tls_mandatory_ciphers = low
smtp_tls_protocols = !SSLv2,!SSLv3
# Per-destination TLS policy; stricter levels for specific domains go here.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_maps
smtp_tls_note_starttls_offer = yes

# Size and rate limits, queue lifetime, Dovecot SASL and virtual mailbox delivery.
message_size_limit = 20000000
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
# Per-client limits below are counted per 60-second interval; loopback is exempt.
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 30
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

# Undeliverable mail is returned after one day.
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

# SASL authentication is delegated to Dovecot through private/dovecot-auth.
# NOTE(review): smtpd_tls_auth_only is not set in this listing and
# smtpd_tls_security_level is "may", so AUTH can be offered on unencrypted
# sessions; smtpd_tls_auth_only = yes restricts it to TLS.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth

# All virtual mailboxes live under /mail and are owned by the single uid/gid 1000.
virtual_mailbox_base = /mail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Addresses matched in these maps get a blind copy of the mail; treat the maps
# as sensitive and review who can edit them.
sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps

compatibility_level=2
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

#DKIM
# If the milter is unreachable or fails, mail is accepted and goes out without
# a DKIM signature instead of being deferred.
milter_default_action = accept
# NOTE(review): 2 is the oldest milter protocol level; recent Postfix/OpenDKIM
# setups normally run with the Postfix default - confirm this override is needed.
milter_protocol = 2
# smtpd_milters covers mail received over SMTP, non_smtpd_milters covers local
# submission; both point at the OpenDKIM listener on 127.0.0.1:8891.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891

Opendkim.conf

# OpenDKIM filter configuration (Mode sv: sign and verify). PidFile, Mode,
# LogWhy and Canonicalization each appear twice in this file.
# NOTE(review): confirm which occurrence the daemon honours and delete the other.
PidFile /run/opendkim/opendkim.pid
Mode    sv
LogWhy  yes
# NOTE(review): presumably sends failure reports to domains that ask for them -
# confirm this is wanted.
SendReports     yes
# Adds a header naming the filter software to processed mail (minor version
# disclosure).
SoftwareHeader  yes
Canonicalization        relaxed/relaxed
# Single-key settings.
# NOTE(review): KeyTable/SigningTable are also set below and presumably take
# precedence - keep one mechanism only.
Domain  mydomen.ru
Selector        mydomen
# NOTE(review): 1024 bits is the lowest size still commonly tolerated for DKIM
# RSA keys; prefer 2048-bit keys and raise this value accordingly.
MinimumKeyBits  1024
KeyFile /etc/opendkim/keys/mydomen.private

# From is over-signed so that a From header added after signing breaks the
# signature.
OversignHeaders From
AutoRestart             Yes
AutoRestartRate         10/1h
# Files the daemon creates are group-writable with this mask.
Umask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
# Second Canonicalization value; differs from relaxed/relaxed above.
Canonicalization        relaxed/simple
#ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
# Hosts whose mail is signed rather than verified.
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
# Second PidFile value; differs from /run/opendkim/opendkim.pid above.
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim:opendkim
# Loopback-only listener; the port matches smtpd_milters in main.cf.
Socket                  inet:8891@localhost

TrustedHosts

# Clients listed here are treated as internal: their mail is signed, not verified.
# NOTE(review): the 172.16.1.0/24 and 172.16.15.0/24 ranges from Postfix
# mynetworks are not listed, so unauthenticated mail from those clients is
# presumably handled as external. Prefer IP/CIDR entries over the hostname
# wildcard, which depends on the client name the MTA resolved.
127.0.0.1
localhost
*.mydomen.ru

KeyTable

# Format: key name, then signing domain : selector : path to the private key.
# The private key file should be readable by the opendkim user only.
mydomen._domainkey.mydomen.ru mydomen.ru:mydomen:/etc/opendkim/keys/mydomen.private

SigningTable пробовал всяко

#*@example.com default._domainkey.example.com
# opendkim.conf loads this table with the refile: prefix, so each key is a
# wildcard pattern matched against the whole sender address; this entry selects
# the KeyTable row mydomen._domainkey.mydomen.ru for any sender at mydomen.ru.
*@mydomen.ru mydomen._domainkey.mydomen.ru
# NOTE(review): a bare domain has no wildcard and no local part, so under
# refile: it presumably never matches an address; this form belongs to a
# file: table.
mydomen.ru mydomen._domainkey.mydomen.ru

Ключ публичный укоротил его

; DKIM public key record for selector "mydomen"; the author shortened the p=
; value for the post, so it is not the full key.
; NOTE(review): the p= prefix looks like a 1024-bit RSA key; 2048-bit keys are
; the usual recommendation today - confirm the real key size.
mydomen._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDJS5UZ6XdtgQqVX2st1jXusf5/yGa7aJqeuLKN3yZYuqQIDAQAB" )  ; ----- DKIM key mydomen for mydomen.ru

Приватный наверно нет смысла выкладывать, пути проверены и ключи тоже

# Checks that the private key matches the public key published in DNS for
# selector "mydomen". In the output, "key not secure" only means the DNS answer
# was not DNSSEC-validated; "key OK" is the result that matters.
opendkim-testkey -d mydomen.ru -s mydomen -vvv -k /etc/opendkim/keys/mydomen.private

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/mydomen.private
opendkim-testkey: checking key 'mydomen._domainkey.mydomen.ru'
opendkim-testkey: key not secure
opendkim-testkey: key OK

Исправление alex_sim, :

А где конфиги opendkim & postfix ?

Н-да, видимо, придётся: замылился глаз.

postfix main.cf (DKIM в самом конце)

# Postfix main.cf, part 1: queue/daemon paths, host identity, trusted networks,
# relay policy and MySQL-backed virtual domain lookups.
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

myhostname = mail.mydomen.ru
mydomain = mydomen.ru
# Locally submitted mail is qualified with the host name (mail.mydomen.ru), not
# with mydomen.ru.
# NOTE(review): the OpenDKIM SigningTable pattern on this page is *@mydomen.ru,
# which does not cover senders at the host name - confirm which From domain is used.
myorigin = $myhostname

inet_interfaces = all
inet_protocols = ipv4

unknown_local_recipient_reject_code = 550
# Every client in these ranges may relay without authentication
# (permit_mynetworks below), so keep the list as narrow as possible.
mynetworks = 127.0.0.0/8,  172.16.1.0/24, 172.16.15.0/24

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

# Relay is allowed for mynetworks only; everything else must be addressed to a
# domain this server handles.
# NOTE(review): permit_sasl_authenticated is not listed here, so authenticated
# clients outside mynetworks would presumably be refused relay - confirm intent.
smtpd_relay_restrictions = permit_mynetworks  reject_unauth_destination

# Debugging defaults; debugger_command only runs for daemons started with -D.
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES

# Domain and mailbox lookups go to MySQL.
# NOTE(review): these .cf files normally hold the database password; keep them
# unreadable for ordinary users.
relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
 mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

# bounce_notice_recipient is set twice with the same value (harmless duplicate).
bounce_notice_recipient = root@mydomen.ru
address_verify_sender = root@mydomen.ru
bounce_notice_recipient = root@mydomen.ru
delay_notice_recipient = root@mydomen.ru



# SMTP server hygiene and per-stage access restrictions. Each list starts with
# permit_mynetworks and permit_sasl_authenticated, so the reject_* checks apply
# to other clients only.
smtpd_discard_ehlo_keywords = etrn, silent-discard
# Sessions that send HTTP verbs are terminated (proxies, misdirected web clients).
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
# VRFY is disabled so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes

# NOTE(review): reject_unknown_hostname is the legacy spelling; current Postfix
# documents it as reject_unknown_helo_hostname.
smtpd_helo_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname,
 reject_unknown_hostname

# The list ends with a trailing comma; the blank line after it closes the value.
smtpd_data_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_pipelining,
 reject_multi_recipient_bounce,

# No comma follows the check_sender_access map; Postfix also accepts whitespace
# as a separator, so the list still parses.
smtpd_sender_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_sender,
 check_sender_access hash:/etc/postfix/sender_access
 reject_unknown_sender_domain

# reject_unauth_destination comes right after the two permits, so the remaining
# checks only see mail for domains this server handles.
smtpd_recipient_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_unlisted_recipient,
 reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
 reject_multi_recipient_bounce

# TLS for outbound (smtp_*) and inbound (smtpd_*) connections. Security level
# "may" is opportunistic: TLS is used when the peer offers it, plaintext otherwise.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# The private key file should be readable by root only.
smtpd_tls_key_file = /etc/postfix/certs/key.pem
smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
tls_random_source = dev:/dev/urandom
# NOTE(review): cipher grade "low" lets the TLS library negotiate its weakest
# cipher suites; "medium" or "high" is the safer value for every *_ciphers
# setting in this block.
smtpd_tls_mandatory_ciphers = low
smtpd_tls_ciphers = low
# Only SSLv2 and SSLv3 are excluded, so TLSv1 and TLSv1.1 stay enabled.
# NOTE(review): with security level "may" the non-mandatory settings are the
# ones that apply, and smtpd_tls_protocols is not set in this listing - confirm
# which protocol versions the server really accepts.
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_protocols  = !SSLv2,!SSLv3
smtp_tls_ciphers = low
smtp_tls_mandatory_ciphers = low
smtp_tls_protocols = !SSLv2,!SSLv3
# Per-destination TLS policy; stricter levels for specific domains go here.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_maps
smtp_tls_note_starttls_offer = yes

# Size and rate limits, queue lifetime, Dovecot SASL and virtual mailbox delivery.
message_size_limit = 20000000
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
# Per-client limits below are counted per 60-second interval; loopback is exempt.
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 30
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

# Undeliverable mail is returned after one day.
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

# SASL authentication is delegated to Dovecot through private/dovecot-auth.
# NOTE(review): smtpd_tls_auth_only is not set in this listing and
# smtpd_tls_security_level is "may", so AUTH can be offered on unencrypted
# sessions; smtpd_tls_auth_only = yes restricts it to TLS.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth

# All virtual mailboxes live under /mail and are owned by the single uid/gid 1000.
virtual_mailbox_base = /mail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Addresses matched in these maps get a blind copy of the mail; treat the maps
# as sensitive and review who can edit them.
sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps

compatibility_level=2
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

#DKIM
# If the milter is unreachable or fails, mail is accepted and goes out without
# a DKIM signature instead of being deferred.
milter_default_action = accept
# NOTE(review): 2 is the oldest milter protocol level; recent Postfix/OpenDKIM
# setups normally run with the Postfix default - confirm this override is needed.
milter_protocol = 2
# smtpd_milters covers mail received over SMTP, non_smtpd_milters covers local
# submission; both point at the OpenDKIM listener on 127.0.0.1:8891.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891

Opendkim.conf

# OpenDKIM filter configuration (Mode sv: sign and verify). PidFile, Mode,
# LogWhy and Canonicalization each appear twice in this file.
# NOTE(review): confirm which occurrence the daemon honours and delete the other.
PidFile /run/opendkim/opendkim.pid
Mode    sv
LogWhy  yes
# NOTE(review): presumably sends failure reports to domains that ask for them -
# confirm this is wanted.
SendReports     yes
# Adds a header naming the filter software to processed mail (minor version
# disclosure).
SoftwareHeader  yes
Canonicalization        relaxed/relaxed
# Single-key settings.
# NOTE(review): KeyTable/SigningTable are also set below and presumably take
# precedence - keep one mechanism only.
Domain  mydomen.ru
Selector        mydomen
# NOTE(review): 1024 bits is the lowest size still commonly tolerated for DKIM
# RSA keys; prefer 2048-bit keys and raise this value accordingly.
MinimumKeyBits  1024
KeyFile /etc/opendkim/keys/mydomen.private

# From is over-signed so that a From header added after signing breaks the
# signature.
OversignHeaders From
AutoRestart             Yes
AutoRestartRate         10/1h
# Files the daemon creates are group-writable with this mask.
Umask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
# Second Canonicalization value; differs from relaxed/relaxed above.
Canonicalization        relaxed/simple
#ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
# Hosts whose mail is signed rather than verified.
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
# Second PidFile value; differs from /run/opendkim/opendkim.pid above.
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim:opendkim
# Loopback-only listener; the port matches smtpd_milters in main.cf.
Socket                  inet:8891@localhost

TrustedHosts

# Clients listed here are treated as internal: their mail is signed, not verified.
# NOTE(review): the 172.16.1.0/24 and 172.16.15.0/24 ranges from Postfix
# mynetworks are not listed, so unauthenticated mail from those clients is
# presumably handled as external. Prefer IP/CIDR entries over the hostname
# wildcard, which depends on the client name the MTA resolved.
127.0.0.1
localhost
*.mydomen.ru

KeyTable

# Format: key name, then signing domain : selector : path to the private key.
# The private key file should be readable by the opendkim user only.
mydomen._domainkey.mydomen.ru mydomen.ru:mydomen:/etc/opendkim/keys/mydomen.private

SigningTable пробовал всяко

#*@example.com default._domainkey.example.com
# opendkim.conf loads this table with the refile: prefix, so each key is a
# wildcard pattern matched against the whole sender address; this entry selects
# the KeyTable row mydomen._domainkey.mydomen.ru for any sender at mydomen.ru.
*@mydomen.ru mydomen._domainkey.mydomen.ru
# NOTE(review): a bare domain has no wildcard and no local part, so under
# refile: it presumably never matches an address; this form belongs to a
# file: table.
mydomen.ru mydomen._domainkey.mydomen.ru

Ключ публичный укоротил его

; DKIM public key record for selector "mydomen"; the author shortened the p=
; value for the post, so it is not the full key.
; NOTE(review): the p= prefix looks like a 1024-bit RSA key; 2048-bit keys are
; the usual recommendation today - confirm the real key size.
mydomen._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDJS5UZ6XdtgQqVX2st1jXusf5/yGa7aJqeuLKN3yZYuqQIDAQAB" )  ; ----- DKIM key mydomen for mydomen.ru

Приватный наверно нет смысла выкладывать, пути проверены и ключи тоже

# Checks that the private key matches the public key published in DNS for
# selector "mydomen". In the output, "key not secure" only means the DNS answer
# was not DNSSEC-validated; "key OK" is the result that matters.
opendkim-testkey -d mydomen.ru -s mydomen -vvv -k /etc/opendkim/keys/mydomen.private

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/mydomen.private
opendkim-testkey: checking key 'mydomen._domainkey.mydomen.ru'
opendkim-testkey: key not secure
opendkim-testkey: key OK

Может, свою сетку прописать в TrustedHosts?

Исходная версия alex_sim, :

А где конфиги opendkim & postfix ?

Н-да, видимо, придётся: замылился глаз.

postfix main.cf (DKIM в самом конце)

# Postfix main.cf, part 1: queue/daemon paths, host identity, trusted networks,
# relay policy and MySQL-backed virtual domain lookups.
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

myhostname = mail.mydomen.ru
mydomain = mydomen.ru
# Locally submitted mail is qualified with the host name (mail.mydomen.ru), not
# with mydomen.ru.
# NOTE(review): the OpenDKIM SigningTable pattern on this page is *@mydomen.ru,
# which does not cover senders at the host name - confirm which From domain is used.
myorigin = $myhostname

inet_interfaces = all
inet_protocols = ipv4

unknown_local_recipient_reject_code = 550
# Every client in these ranges may relay without authentication
# (permit_mynetworks below), so keep the list as narrow as possible.
mynetworks = 127.0.0.0/8,  172.16.1.0/24, 172.16.15.0/24

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

# Relay is allowed for mynetworks only; everything else must be addressed to a
# domain this server handles.
# NOTE(review): permit_sasl_authenticated is not listed here, so authenticated
# clients outside mynetworks would presumably be refused relay - confirm intent.
smtpd_relay_restrictions = permit_mynetworks  reject_unauth_destination

# Debugging defaults; debugger_command only runs for daemons started with -D.
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES

# Domain and mailbox lookups go to MySQL.
# NOTE(review): these .cf files normally hold the database password; keep them
# unreadable for ordinary users.
relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
 mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

# bounce_notice_recipient is set twice with the same value (harmless duplicate).
bounce_notice_recipient = root@mydomen.ru
address_verify_sender = root@mydomen.ru
bounce_notice_recipient = root@mydomen.ru
delay_notice_recipient = root@mydomen.ru



# SMTP server hygiene and per-stage access restrictions. Each list starts with
# permit_mynetworks and permit_sasl_authenticated, so the reject_* checks apply
# to other clients only.
smtpd_discard_ehlo_keywords = etrn, silent-discard
# Sessions that send HTTP verbs are terminated (proxies, misdirected web clients).
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
# VRFY is disabled so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes

# NOTE(review): reject_unknown_hostname is the legacy spelling; current Postfix
# documents it as reject_unknown_helo_hostname.
smtpd_helo_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_helo_hostname,
 reject_invalid_helo_hostname,
 reject_unknown_hostname

# The list ends with a trailing comma; the blank line after it closes the value.
smtpd_data_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_pipelining,
 reject_multi_recipient_bounce,

# No comma follows the check_sender_access map; Postfix also accepts whitespace
# as a separator, so the list still parses.
smtpd_sender_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_sender,
 check_sender_access hash:/etc/postfix/sender_access
 reject_unknown_sender_domain

# reject_unauth_destination comes right after the two permits, so the remaining
# checks only see mail for domains this server handles.
smtpd_recipient_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_unlisted_recipient,
 reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
 reject_multi_recipient_bounce

# TLS for outbound (smtp_*) and inbound (smtpd_*) connections. Security level
# "may" is opportunistic: TLS is used when the peer offers it, plaintext otherwise.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# The private key file should be readable by root only.
smtpd_tls_key_file = /etc/postfix/certs/key.pem
smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
tls_random_source = dev:/dev/urandom
# NOTE(review): cipher grade "low" lets the TLS library negotiate its weakest
# cipher suites; "medium" or "high" is the safer value for every *_ciphers
# setting in this block.
smtpd_tls_mandatory_ciphers = low
smtpd_tls_ciphers = low
# Only SSLv2 and SSLv3 are excluded, so TLSv1 and TLSv1.1 stay enabled.
# NOTE(review): with security level "may" the non-mandatory settings are the
# ones that apply, and smtpd_tls_protocols is not set in this listing - confirm
# which protocol versions the server really accepts.
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_protocols  = !SSLv2,!SSLv3
smtp_tls_ciphers = low
smtp_tls_mandatory_ciphers = low
smtp_tls_protocols = !SSLv2,!SSLv3
# Per-destination TLS policy; stricter levels for specific domains go here.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_maps
smtp_tls_note_starttls_offer = yes

# Size and rate limits, queue lifetime, Dovecot SASL and virtual mailbox delivery.
message_size_limit = 20000000
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
smtpd_error_sleep_time = 20
# Per-client limits below are counted per 60-second interval; loopback is exempt.
anvil_rate_time_unit = 60s
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 30
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

# Undeliverable mail is returned after one day.
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

# SASL authentication is delegated to Dovecot through private/dovecot-auth.
# NOTE(review): smtpd_tls_auth_only is not set in this listing and
# smtpd_tls_security_level is "may", so AUTH can be offered on unencrypted
# sessions; smtpd_tls_auth_only = yes restricts it to TLS.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth

# All virtual mailboxes live under /mail and are owned by the single uid/gid 1000.
virtual_mailbox_base = /mail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Addresses matched in these maps get a blind copy of the mail; treat the maps
# as sensitive and review who can edit them.
sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps

compatibility_level=2
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

#DKIM
# If the milter is unreachable or fails, mail is accepted and goes out without
# a DKIM signature instead of being deferred.
milter_default_action = accept
# NOTE(review): 2 is the oldest milter protocol level; recent Postfix/OpenDKIM
# setups normally run with the Postfix default - confirm this override is needed.
milter_protocol = 2
# smtpd_milters covers mail received over SMTP, non_smtpd_milters covers local
# submission; both point at the OpenDKIM listener on 127.0.0.1:8891.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891

Opendkim.conf

# OpenDKIM filter configuration (Mode sv: sign and verify). PidFile, Mode,
# LogWhy and Canonicalization each appear twice in this file.
# NOTE(review): confirm which occurrence the daemon honours and delete the other.
PidFile /run/opendkim/opendkim.pid
Mode    sv
LogWhy  yes
# NOTE(review): presumably sends failure reports to domains that ask for them -
# confirm this is wanted.
SendReports     yes
# Adds a header naming the filter software to processed mail (minor version
# disclosure).
SoftwareHeader  yes
Canonicalization        relaxed/relaxed
# Single-key settings.
# NOTE(review): KeyTable/SigningTable are also set below and presumably take
# precedence - keep one mechanism only.
Domain  mydomen.ru
Selector        mydomen
# NOTE(review): 1024 bits is the lowest size still commonly tolerated for DKIM
# RSA keys; prefer 2048-bit keys and raise this value accordingly.
MinimumKeyBits  1024
KeyFile /etc/opendkim/keys/mydomen.private

# From is over-signed so that a From header added after signing breaks the
# signature.
OversignHeaders From
AutoRestart             Yes
AutoRestartRate         10/1h
# Files the daemon creates are group-writable with this mask.
Umask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
# Second Canonicalization value; differs from relaxed/relaxed above.
Canonicalization        relaxed/simple
#ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
# Hosts whose mail is signed rather than verified.
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
# Second PidFile value; differs from /run/opendkim/opendkim.pid above.
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim:opendkim
# Loopback-only listener; the port matches smtpd_milters in main.cf.
Socket                  inet:8891@localhost

TrustedHosts

# Clients listed here are treated as internal: their mail is signed, not verified.
# NOTE(review): the 172.16.1.0/24 and 172.16.15.0/24 ranges from Postfix
# mynetworks are not listed, so unauthenticated mail from those clients is
# presumably handled as external. Prefer IP/CIDR entries over the hostname
# wildcard, which depends on the client name the MTA resolved.
127.0.0.1
localhost
*.mydomen.ru

KeyTable

# Format: key name, then signing domain : selector : path to the private key.
# The private key file should be readable by the opendkim user only.
mydomen._domainkey.mydomen.ru mydomen.ru:mydomen:/etc/opendkim/keys/mydomen.private

SigningTable пробовал всяко

#*@example.com default._domainkey.example.com
# opendkim.conf loads this table with the refile: prefix, so each key is a
# wildcard pattern matched against the whole sender address; this entry selects
# the KeyTable row mydomen._domainkey.mydomen.ru for any sender at mydomen.ru.
*@mydomen.ru mydomen._domainkey.mydomen.ru
# NOTE(review): a bare domain has no wildcard and no local part, so under
# refile: it presumably never matches an address; this form belongs to a
# file: table.
mydomen.ru mydomen._domainkey.mydomen.ru

Ключ публичный укоротил его

; DKIM public key record for selector "mydomen"; the author shortened the p=
; value for the post, so it is not the full key.
; NOTE(review): the p= prefix looks like a 1024-bit RSA key; 2048-bit keys are
; the usual recommendation today - confirm the real key size.
mydomen._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDJS5UZ6XdtgQqVX2st1jXusf5/yGa7aJqeuLKN3yZYuqQIDAQAB" )  ; ----- DKIM key mydomen for mydomen.ru

Приватный наверно нет смысла выкладывать, пути проверены и ключи тоже

# Checks that the private key matches the public key published in DNS for
# selector "mydomen". In the output, "key not secure" only means the DNS answer
# was not DNSSEC-validated; "key OK" is the result that matters.
opendkim-testkey -d mydomen.ru -s mydomen -vvv -k /etc/opendkim/keys/mydomen.private

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/mydomen.private
opendkim-testkey: checking key 'mydomen._domainkey.mydomen.ru'
opendkim-testkey: key not secure
opendkim-testkey: key OK