This commit is contained in:
Yunohost Admin 2015-02-12 13:41:29 +01:00
parent 6f00e4b77c
commit 52bd40589d
4 changed files with 93 additions and 46 deletions

View file

@ -160,7 +160,8 @@ The packagers will appreciate your remarks. If you test them and find issues, or
| [Tor Relay](https://www.torproject.org/docs/tor-doc-relay.html.en) | matlink | <div class="inprogress"/> | https://github.com/matlink/torrelay_ynh | Tor Node |
| [Webmin](http://webmin.com) | tifred | <div class="inprogress"/> | https://github.com/drfred1981/webmin_ynh | Web-based system configuration tool |
| [Wordpress multisite](http://codex.wordpress.org/Create_A_Network) | Maniack Crudelis | <div class="ready"/> | https://github.com/maniackcrudelis/wordpress_ynh | Wordpress with network support |
| [Yourls](http://yourls.org/) | courgette | <div class="ready"/> | https://github.com/courgette/yourls_ynh | URL Shortening service |
| [YaCy](http://yacy.net) | Moul | <div class="inprogress"/> | https://github.com/M5oul/yacy_ynh/ | Libre and decentralized search engine |
| [Yourls](http://yourls.org/) | courgette | <div class="ready"/> | https://github.com/courgette/yourls_ynh | URL Shortening service |
| Yunofav | [xof](https://forum.yunohost.org/users/xof) | <div class="ready"/> | https://github.com/chtixof/yunofav | Page of favorite links Yunohost-styled |
| [Zomburl](http://cadav.re/) | courgette | <div class="inprogress"/> | https://github.com/courgette/zomburl_ynh | URL Shortening service |
| [ZoteroSync](http://blog.holz.ca/2011/11/phpzoterowebdav-installation/) | scith | <div class="inprogress"/> | https://github.com/scith/zoterosync_ynh | Sync Zotero library and files |
@ -239,4 +240,4 @@ The following list is a compiled wishlist of applications that would be nice-to-
* [Webmpc](https://github.com/ushis/webmpc)
* [WebODF](http://webodf.org/)
* [webSync](http://furier.github.io/websync/)
* [ZNC](http://wiki.znc.in/ZNC)
* [ZNC](http://wiki.znc.in/ZNC)

132
dkim.md
View file

@ -1,32 +1,45 @@
Hi,
# DKIM
Please note that :
This is the revision 2 of this Work In Progress How-To
Until this is natively integrated in YnH core apps, it will mean to that postfix conf will be blocked (or each time there is a change some configuration lines will need to be added to the end of /etc/postfix/main.cf)
To be fully functionnal DKIM requires a modification of the DNS, which propagantion can take up to 24h
CREDIT : This tutorial has been initially based on the DKMI section of : http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/ from Drew Crawford
CREDIT : This tutorial has been reviewed based on https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy from Popute Sebastian Armin
Replace DOMAIN.TLD by your own domain name
This is the revision 2 of this Work In Progress How-To.
Changes in rev 2 :
Until this is natively integrated in YunoHost core apps, it will mean to that Postfix configuration will be blocked (or each time there is a change some configuration lines will need to be added to the end of /etc/postfix/main.cf).
Much easier to manage more than one DOMAIN.TLD (future proof)
Updated configuration as it seemed that the previous one was based on old software
To be fully functionnal DKIM requires a modification of the DNS, which propagantion can take up to 24h.
So, here is the thing :
Source: This tutorial has been initially based on the DKMI section of: http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/ from Drew Crawford.
We start by installing the right software :
Source: This tutorial has been reviewed based on https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy from Popute Sebastian Armin
Replace DOMAIN.TLD by your own domain name.
Changes in rev 2:
Much easier to manage more than one DOMAIN.TLD (future proof).
Updated configuration as it seemed that the previous one was based on old software.
So, here is the thing:
### With a script
Fully automatic script: (single domain)
```bash
git clone https://github.com/polytan02/yunohost_auto_config_basic
sudo ./yunohost_auto_config_basic/5_opendkim.sh
```
### Manually
We start by installing the right software:
```bash
sudo aptitude install opendkim opendkim-tools
```
Then we configure opendkim
Then we configure opendkim
```bash
sudo nano /etc/opendkim.conf
(Text to be placed in the text file: )
```
Text to be placed in the text file:
```bash
AutoRestart Yes
AutoRestartRate 10/1h
UMask 022
@ -50,70 +63,101 @@ UserID opendkim:opendkim
Socket inet:8891@127.0.0.1
Selector mail
```
Connect the milter to Postfix:
Connect the milter to Postfix:
```bash
sudo nano /etc/default/opendkim
```
(Text to be placed in the text file: )
Text to be placed in the text file:
```bash
SOCKET="inet:8891@localhost"
```
Configure postfix to use this milter:
Configure Postfix to use this milter:
```bash
sudo nano /etc/postfix/main.cf
```
Text to be placed **at the end** in the text file:
```bash
# OpenDKIM milter
(Text to be placed AT THE END in the text file: )
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891
```
Create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:
Create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:
```bash
sudo mkdir -pv /etc/opendkim/keys/DOMAIN.TLD
```
Specify trusted hosts:
Specify trusted hosts:
```bash
sudo nano /etc/opendkim/TrustedHosts
```
(Text to be placed in the text file: )
Text to be placed in the text file:
```bash
127.0.0.1
localhost
192.168.0.1/24
*.DOMAIN.TLD
```
Create a key table:
Create a key table:
```bash
sudo nano /etc/opendkim/KeyTable
```
(Text to be placed in the text file: Be very careful, it needs to be on a SINGLE LINE for each domain )
Text to be placed in the text file: be very careful, it needs to be on a **single line** for each domain.
```bash
mail._domainkey.DOMAIN.TLD DOMAIN.TLD:mail:/etc/opendkim/keys/DOMAIN.TLD/mail.private
```
Create a signing table:
Create a signing table:
```bash
sudo nano /etc/opendkim/SigningTable
```
(Text to be placed in the text file: )
Text to be placed in the text file:
```bash
*@DOMAIN.TLD mail._domainkey.DOMAIN.TLD
```
Now we generate the keys ! smile
Now we generate the keys! smile
```bash
sudo cd /etc/opendkim/keys/DOMAIN.TLD
sudo opendkim-genkey -s mail -d DOMAIN.TLD
```
Output the DKIM DNS line to the terminal. Then, we install it on our DNS server. My ZONE file looks like this. (Be very careful with the formatting, the "p=...." needs to be in a single line.
Output the DKIM DNS line to the terminal. Then, we install it on our DNS server. My ZONE file looks like this. (Be very careful with the formatting, the "p=...." needs to be in a single line.)
```bash
cat mail.txt
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=AAAKKUHGCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPFrBM54eXlZPXLJ7EFphiA8qGAcgu4lWuzhzxDDcIHcnA/fdklG2gol1B4r27p87rExxz9hZehJclaiqlaD8otWt8r/UdrAUYNLKNBFGHJ875467jstoAQAB" ; ----- DKIM key mail for DOMAIN.TLD
```
And we don't forget to put the right rights otherwise opendkim will get grumpy...
And we don't forget to put the right rights otherwise opendkim will get grumpy...
```bash
chown -Rv opendkim:opendkim /etc/opendkim*
```
And finally, we restart everything :
sudo service opendkim restart
sudo service postfix restart
And finally, we restart everything:
```bash
sudo service opendkim restart
sudo service postfix restart
```
To test if it is all working well (don't forget that the DNS propagation can take a bit of take....) you can simply send an email to check-auth@verifier.port25.com and a reply will be received. If everything works correctly you should see DKIM check: pass under Summary of Results.
To test if it is all working well (don't forget that the DNS propagation can take a bit of take…) you can simply send an email to check-auth@verifier.port25.com and a reply will be received. If everything works correctly you should see DKIM check: pass under Summary of Results.
You can also go to http://www.mail-tester.com
Lastly, don't forget to add a SPF key in your DNS such as:
```bash
DOMAIN.TLD 300 TXT "v=spf1 a:DOMAIN.TLD mx ?all"
```

View file

@ -41,6 +41,7 @@
* [Security](/security)
* [Connect to your server with SSH](/ssh)
* [Command line administration](/moulinette)
* [Change administration password](/change_admin_password)
* Email:
* [DKIM](dkim)
* [Certificates](/certificate)

View file

@ -47,6 +47,7 @@
* [Sécurité](/security_fr)
* [Connexion à son serveur en ligne de commande avec SSH](/ssh_fr)
* [Administration en ligne de commande avec la Moulinette](/moulinette_fr)
* [Changer le mot de passe d'administration](/change_admin_password_fr)
* Email:
* [DKIM](dkim_fr)
* [Gestion du certificat](/certificate_fr)