Merge pull request #178 from polytan02/patch-1

Create dkim_spf

dkim_spf

@@ -0,0 +1,119 @@
+
+
+Hi,
+
+Please note that :
+
+    This is the revision 2 of this Work In Progress How-To
+    Until this is natively integrated in YnH core apps, it will mean to that postfix conf will be blocked (or each time there is a change some configuration lines will need to be added to the end of /etc/postfix/main.cf)
+    To be fully functionnal DKIM requires a modification of the DNS, which propagantion can take up to 24h
+    CREDIT : This tutorial has been initially based on the DKMI section of : http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/ from Drew Crawford
+    CREDIT : This tutorial has been reviewed based on https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy from Popute Sebastian Armin
+    Replace DOMAIN.TLD by your own domain name
+
+Changes in rev 2 :
+
+    Much easier to manage more than one DOMAIN.TLD (future proof)
+    Updated configuration as it seemed that the previous one was based on old software
+
+So, here is the thing :
+
+    We start by installing the right software : 
+
+sudo aptitude install opendkim opendkim-tools
+
+    Then we configure opendkim 
+
+sudo nano /etc/opendkim.conf
+(Text to be placed in the text file: )
+
+AutoRestart Yes
+AutoRestartRate 10/1h
+UMask 022
+Syslog yes
+SyslogSuccess Yes
+LogWhy Yes
+
+Canonicalization relaxed/simple
+
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+SigningTable refile:/etc/opendkim/SigningTable
+
+Mode sv
+PidFile /var/run/opendkim/opendkim.pid
+SignatureAlgorithm rsa-sha256
+
+UserID opendkim:opendkim
+
+Socket inet:8891@127.0.0.1
+
+Selector mail
+
+    Connect the milter to Postfix:
+
+sudo nano /etc/default/opendkim
+
+(Text to be placed in the text file: )
+SOCKET="inet:8891@localhost"
+
+    Configure postfix to use this milter:
+
+sudo nano /etc/postfix/main.cf
+
+(Text to be placed AT THE END in the text file: )
+milter_protocol = 2
+milter_default_action = accept
+smtpd_milters = inet:127.0.0.1:8891
+non_smtpd_milters = inet:127.0.0.1:8891
+
+    Create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:
+
+sudo mkdir -pv /etc/opendkim/keys/DOMAIN.TLD
+
+    Specify trusted hosts:
+
+sudo nano /etc/opendkim/TrustedHosts
+
+(Text to be placed in the text file: )
+127.0.0.1
+localhost
+192.168.0.1/24
+*.DOMAIN.TLD
+
+    Create a key table:
+
+sudo nano /etc/opendkim/KeyTable
+
+(Text to be placed in the text file: Be very careful, it needs to be on a SINGLE LINE for each domain )
+mail._domainkey.DOMAIN.TLD DOMAIN.TLD:mail:/etc/opendkim/keys/DOMAIN.TLD/mail.private
+
+    Create a signing table:
+
+sudo nano /etc/opendkim/SigningTable
+
+(Text to be placed in the text file: )
+*@DOMAIN.TLD mail._domainkey.DOMAIN.TLD
+
+    Now we generate the keys ! smile 
+
+sudo cd /etc/opendkim/keys/DOMAIN.TLD
+sudo opendkim-genkey -s mail -d DOMAIN.TLD
+
+    Output the DKIM DNS line to the terminal. Then, we install it on our DNS server. My ZONE file looks like this. (Be very careful with the formatting, the "p=...." needs to be in a single line.
+
+cat mail.txt
+
+mail._domainkey IN TXT "v=DKIM1; k=rsa; p=AAAKKUHGCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPFrBM54eXlZPXLJ7EFphiA8qGAcgu4lWuzhzxDDcIHcnA/fdklG2gol1B4r27p87rExxz9hZehJclaiqlaD8otWt8r/UdrAUYNLKNBFGHJ875467jstoAQAB" ; ----- DKIM key mail for DOMAIN.TLD
+
+    And we don't forget to put the right rights otherwise opendkim will get grumpy...
+
+chown -Rv opendkim:opendkim /etc/opendkim*
+
+    And finally, we restart everything :
+    sudo service opendkim restart
+    sudo service postfix restart
+
+    To test if it is all working well (don't forget that the DNS propagation can take a bit of take....) you can simply send an email to check-auth@verifier.port25.com and a reply will be received. If everything works correctly you should see DKIM check: pass under Summary of Results.
+