LINUX.ORG.RU

Сообщения akm123

 

Упрямый opendmarc

Форум — Admin

Не получается настроить запись Dmarc, перепробовал разные варианты конфига opendmarc.conf. Записи SFP и DKIm check-auth@verifier.port25.com

Получаем

==========================================================
Summary of Results
==========================================================
SPF check:          pass
"iprev" check:      fail
DKIM check:         pass

==========================================================
Details:
==========================================================

Система centOS 5.11

содержимое opendmarc.conf

AuthservID proxy.cge.local
# AuthservIDWithJobID false
AutoRestart true
# AutoRestartCount 0
AutoRestartRate 10/1h
# Background true
# BaseDirectory /var/run/opendmarc
# ChangeRootDirectory /var/chroot/opendmarc
# CopyFailuresTo postmaster@localhost
# DNSTimeout 5
# EnableCoreDumps false
FailureReports true
# FailureReportsBcc postmaster@example.coom
# FailureReportsOnNone false
FailureReportsSentBy 13cge@13cge.ru
HistoryFile /var/spool/opendmarc/opendmarc.dat
IgnoreAuthenticatedClients true
IgnoreHosts /etc/opendkim/TrustedHosts
# IgnoreMailFrom example.com
# MilterDebug 0
PidFile /var/run/opendmarc.pid
# PublicSuffixList path
# RecordAllMessages false
RejectFailures false
# ReportCommand /usr/sbin/sendmail -t
# RequiredHeaders false
Socket inet:8893@localhost
#SoftwareHeader true
SPFIgnoreResults true
SPFSelfValidate true
Syslog true
# SyslogFacility mail
# TrustedAuthservIDs HOSTNAME
UMask 002
#UserID opendmarc:mail

запись в main.cf

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891,inet:localhost:8893
#smtpd_milters = inet:localhost:8891
#non_smtpd_milters = $smtpd_milters
non_smtpd_milters = inet:localhost:8891,inet:localhost:8893

содержимое mail.log последняя запись

Aug 18 11:02:43 proxy postfix/smtpd[30803]: disconnect from unknown[46.8.61.67]
Aug 18 11:02:44 proxy postfix/smtpd[30803]: connect from mail-lj1-f171.google.com[209.85.208.171]
Aug 18 11:02:45 proxy postfix/smtpd[30803]: 2742642A8B3: client=mail-lj1-f171.google.com[209.85.208.171]
Aug 18 11:02:45 proxy postfix/cleanup[30866]: 2742642A8B3: message-id=<CAOfGbmw4v4O7K6gZ9wSdqs=uwKuKJE0k2chF4Hc5h_YOtQ9mZw@mail.gmail.com>
Aug 18 11:02:45 proxy opendkim[30782]: (unknown-jobid): mail-lj1-f171.google.com [209.85.208.171] not internal
Aug 18 11:02:45 proxy opendkim[30782]: (unknown-jobid): not authenticated
Aug 18 11:02:45 proxy opendkim[30782]: 2742642A8B3: DKIM verification successful
Aug 18 11:02:45 proxy opendmarc[30798]: 2742642A8B3: SPF(mailfrom): novikov.sla@gmail.com pass
Aug 18 11:02:45 proxy opendmarc[30798]: 2742642A8B3: gmail.com pass
Aug 18 11:02:45 proxy postfix/qmgr[26817]: 2742642A8B3: from=<novikov.sla@gmail.com>, size=2849, nrcpt=1 (queue active)
Aug 18 11:02:45 proxy postfix/virtual[30874]: 2742642A8B3: to=<razgadova_ni@13cge.ru>, relay=virtual, delay=0.57, delays=0.56/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Aug 18 11:02:45 proxy postfix/qmgr[26817]: 2742642A8B3: removed
Aug 18 11:02:45 proxy postfix/smtpd[30803]: disconnect from mail-lj1-f171.google.com[209.85.208.171]

 

akm123
()
11 комментариев

DKIM не подписывает письма

Форум — Admin

Здравствуйте ! Помогите разобраться запись dkim в DNS зону добавлена, но письмо не подписывается. На тестовом сайте выдает ошибку

---------------------------------------------------------- DKIM check details: ---------------------------------------------------------- Result: none (message not signed) ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

============================================================== Explanation of the possible results (based on RFCs 7601, 7208) ============================================================== 

Система Centos 5.9 Final opendkim 2.5.2 postfix 2.3.3


конфиг opendkim
PidFile	/var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
#LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/relaxed
Selector fbuz
KeyFile /etc/opendkim/keys/13???.ru/???z
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
#SignatureAlgorithm rsa
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

Конфиг postfix
main.cf 
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = proxy.???.ru
inet_interfaces = localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_mailbox_base = /var/spool/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_domains = mysql:/etc/postfix/vdomains.cf
virtual_mailbox_maps = mysql:/etc/postfix/vmailbox.cf
virtual_alias_maps = mysql:/etc/postfix/valias.cf
transport_maps = mysql:/etc/postfix/vtransports.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/vmailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = «The user you are trying to reach is over quota.»
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_ma
inet_interfaces = all
message_size_limit = 20480000
smtpd_milters=inet:127.0.0.1:8891
non_smtpd_milters=$smtpd_milters
milter_default_action=accept
milter_protocol=2
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
mail.log
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,check_helo_access hash:/etc/postfix/antispamcfg/helo_access,check_helo_access regexp:/etc/postfix/antispamcfg/dul_checks,reject_invalid_hostname,permit
smtpd_sender_restrictions = permit_mynetworks,check_sender_access regexp:/etc/postfix/antispamcfg/sender_access,reject_non_fqdn_sender,reject_unknown_sender_domain,permit
smtpd_recipient_restrictions = reject_unauth_pipelining,permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unlisted_recipient,check_recipient_access regexp:/etc/postfix/antispamcfg/recipient_access,reject_unauth_destination,permit
smtpd_client_restrictions = permit_mynetworks,check_client_access hash:/etc/postfix/antispamcfg/client_access,check_client_access regexp:/etc/postfix/antispamcfg/dul_checks,reject_rbl_client bl.spamcop.net,reject_rbl_client cbl.abuseat.org,permit

SigningTable
*@13???.ru ???z._domainkey.13???.ru

TrustedHosts
127.0.0.1
localhost
13???.ru

 

akm123
()
12 комментариев

RSS подписка на новые темы