
OpenDKIM & Mailman

Server Fault user
Asked on 2021-12-02 14:33:29
Answers: 1 · Views: 314 · Followers: 0 · Votes: 0

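I have a small Fedora-based mail server with postfix, OpenDKIM, spamassassin and mailman.

  • OpenDKIM signing of outgoing emails works
  • OpenDKIM verification of incoming emails works

When a DKIM message is sent to a mailing list, I see the following in the headers: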

DKIM-Filter: OpenDKIM Filter v2.11.0 corti.li DB09BDFEE4
Authentication-Results: corti.li;
    dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=id.ethz.ch header.i=@id.ethz.ch header.a=rsa-sha256 header.s=key1-q3-2021 header.b=FOCb7EwF
[...]
DKIM-Filter: OpenDKIM Filter v2.11.0 corti.li A2C29DFED2
Received: from mailg210.ethz.ch (mailg210.ethz.ch [129.132.198.194])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by corti.li (Postfix) with ESMTPS id 98D21DF4AC
 for ; Thu,  2 Dec 2021 14:19:55 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 corti.li 98D21DF4AC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=id.ethz.ch;
 s=key1-q3-2021; t=1638451169; h=From:Subject:Date:Message-ID:To
 :MIME-Version:Content-Type; bh=qzmynR6bBoUQ7r53VOIB9APaTNZN6JNW86G7ge/XIj
 U=; b=FOCb7EwFI/pVyk/KvT2kEAFLcKguQN9b+UzfLobMxPe1YwAm1wHrRSs3ZXo8l1DUJTM
 J5/lO3rJAMu8+ZidXMHLSFWl7JwZ2ciqB93RiQMYNONBLZ+HOYpkUxzof3L9MAzdCmGeaJisF
 bk8FF/E8G+rGrBP7xXMpv+MgvofWU9RVCTQZqLOnWqPYyBsEsptByHDgsrUsmPGZSxQ1OUasd
 j6cEkRfXk3EVqVNVZXWfGLWDD4CWd0VKSNMGk/SMPgx9L63SUe1qSv4PUIJn9Lepn6gnvZaE9
 D7+v3uk69Kfglr4gK7OpFB1X/YQrEhQYzcstB6+sUUVTFhA3ROKyuHXA==;

In this example

  • corti.li is my server
  • @id.ethz.ch is the From domain

OpenDKIM is configured in /etc/postfix/main.cf:

# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters

Mailman is configured via

./postfix/main.cf:alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases

and entries like

testlist:              "|/usr/lib/mailman/mail/mailman post testlist"

in /etc/mailman/aliases

Spamassassin is configured in /etc/postfix/master.cf with:

[root@corti etc]# grep spamass /etc/postfix/master.cf
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin -o tls_preempt_cipherlist=yes
submission inet n      -       n       -       -       smtpd -o content_filter=spamassassin -o tls_preempt_cipherlist=yes
smtps    inet  n       -       n       -       -       smtpd  -o content_filter=spamassassin -o tls_preempt_cipherlist=yes
spamassassin unix  -       n       n       -       -       pipe user=spamassassin argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Log entries for A2C29DFED2

Dec 02 14:19:57 corti.li postfix/pickup[190218]: A2C29DFED2: uid=513 from=
Dec 02 14:19:57 corti.li postfix/cleanup[194198]: A2C29DFED2: message-id=<45c3728aae2d4457a35a19ac7ba131c2@id.ethz.ch>
Dec 02 14:19:57 corti.li opendkim[192090]: A2C29DFED2: no signing table match for '*****@id.ethz.ch'
Dec 02 14:19:57 corti.li opendkim[192090]: A2C29DFED2: DKIM verification successful
Dec 02 14:19:57 corti.li postfix/qmgr[1080]: A2C29DFED2: from=, size=12955, nrcpt=1 (queue active)
Dec 02 14:19:57 corti.li postfix/local[194206]: A2C29DFED2: to=, relay=local, delay=0.1, delays=0.01/0/0/0.09, dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman post rpg)
Dec 02 14:19:57 corti.li postfix/qmgr[1080]: A2C29DFED2: removed

Dec 02 14:20:03 corti.li postfix/pickup[190218]: DB09BDFEE4: uid=513 from=
Dec 02 14:20:03 corti.li postfix/cleanup[194198]: DB09BDFEE4: message-id=<45c3728aae2d4457a35a19ac7ba131c2@id.ethz.ch>
Dec 02 14:20:03 corti.li opendkim[192090]: DB09BDFEE4: no signing table match for '*****@id.ethz.ch'
Dec 02 14:20:03 corti.li opendkim[192090]: DB09BDFEE4: bad signature data
Dec 02 14:20:03 corti.li postfix/qmgr[1080]: DB09BDFEE4: from=, size=14580, nrcpt=1 (queue active)
Dec 02 14:20:03 corti.li postfix/local[194206]: DB09BDFEE4: passing  to transport=procmail
Dec 02 14:20:04 corti.li postfix/pipe[194207]: DB09BDFEE4: to=, relay=procmail, delay=0.15, delays=0.07/0/0/0.08, dsn=2.0.0, status=sent (delivered via procmail service)
Dec 02 14:20:04 corti.li postfix/qmgr[1080]: DB09BDFEE4: removed

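Why is the DKIM signature of the outgoing message checked? Mailman modifies the message, and the original signature should no longer be relevant.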
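An added example (not part of the original question): correlating the quoted log lines by Message-ID shows the same message entering twice through postfix/pickup, the path that non_smtpd_milters in the quoted main.cf hands to the OpenDKIM milter, with the second copy failing verification and 1625 bytes larger. The function names are this example's own; the log text is a trimmed copy of the lines above.

```python
import re

# Trimmed copy of the log lines quoted in the question (both queue IDs).
SAMPLE_LOG = """\
Dec 02 14:19:57 corti.li postfix/pickup[190218]: A2C29DFED2: uid=513 from=
Dec 02 14:19:57 corti.li postfix/cleanup[194198]: A2C29DFED2: message-id=<45c3728aae2d4457a35a19ac7ba131c2@id.ethz.ch>
Dec 02 14:19:57 corti.li opendkim[192090]: A2C29DFED2: DKIM verification successful
Dec 02 14:19:57 corti.li postfix/qmgr[1080]: A2C29DFED2: from=, size=12955, nrcpt=1 (queue active)
Dec 02 14:20:03 corti.li postfix/pickup[190218]: DB09BDFEE4: uid=513 from=
Dec 02 14:20:03 corti.li postfix/cleanup[194198]: DB09BDFEE4: message-id=<45c3728aae2d4457a35a19ac7ba131c2@id.ethz.ch>
Dec 02 14:20:03 corti.li opendkim[192090]: DB09BDFEE4: bad signature data
Dec 02 14:20:03 corti.li postfix/qmgr[1080]: DB09BDFEE4: from=, size=14580, nrcpt=1 (queue active)
"""

LINE = re.compile(r"^\w{3} \d+ [\d:]+ \S+ (?P<prog>[\w/]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<msg>.*)$")

def milter_passes(log_text):
    """Map Message-ID -> [(queue_id, entry_daemon, dkim_verdict, size), ...] in log order."""
    queues = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec = queues.setdefault(m["qid"], {"entry": None, "msgid": None, "dkim": None, "size": None})
        prog, msg = m["prog"], m["msg"]
        if prog in ("postfix/pickup", "postfix/smtpd"):
            rec["entry"] = prog.split("/")[1]          # how this copy entered the queue
        elif msg.startswith("message-id="):
            rec["msgid"] = msg[len("message-id="):]
        elif prog == "opendkim" and "signing table" not in msg:
            rec["dkim"] = msg                          # the verifier's verdict line
        elif prog == "postfix/qmgr" and (s := re.search(r"size=(\d+)", msg)):
            rec["size"] = int(s.group(1))
    passes = {}
    for qid, rec in queues.items():
        passes.setdefault(rec["msgid"], []).append((qid, rec["entry"], rec["dkim"], rec["size"]))
    return passes

def verdict_flips(passes):
    """Copies of one message that verified on one pass and failed on the next, with size delta."""
    flagged = []
    for msgid, copies in passes.items():
        for (q1, _, d1, s1), (q2, _, d2, s2) in zip(copies, copies[1:]):
            if d1 == "DKIM verification successful" and d2 and d2 != d1 and s1 and s2:
                flagged.append((msgid, q1, q2, s2 - s1))
    return flagged

if __name__ == "__main__":
    print(verdict_flips(milter_passes(SAMPLE_LOG)))
```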


1 Answer

Server Fault user

Posted on 2021-12-02 14:57:57

I was able to solve the problem by telling mailman to always remove DKIM signatures:

# Some list posts and mail to the -owner address may contain DomainKey or
# DomainKeys Identified Mail (DKIM) signature headers .
# Various list transformations to the message such as adding a list header or
# footer or scrubbing attachments or even reply-to munging can break these
# signatures.  It is generally felt that these signatures have value, even if
# broken and even if the outgoing message is resigned.  However, some sites
# may wish to remove these headers.  Possible values and meanings are:
# No, 0, False -> do not remove headers.
# Yes, 1, True -> remove headers only if we are munging the from header due
#                 to from_is_list or dmarc_moderation_action.
# 2 -> always remove headers.
# 3 -> always remove, rename and preserve original DKIM headers.
REMOVE_DKIM_HEADERS = 2
Votes: 0
Original page content provided by Server Fault. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://serverfault.com/questions/1085207
