{"id":1475,"date":"2018-10-01T08:00:52","date_gmt":"2018-09-30T23:00:52","guid":{"rendered":"https:\/\/www.itc109.com\/knowledge\/?p=1475"},"modified":"2021-09-30T08:57:48","modified_gmt":"2021-09-29T23:57:48","slug":"dkim","status":"publish","type":"post","link":"https:\/\/www.itc109.com\/knowledge\/security\/dkim","title":{"rendered":"OpenDKIM – \u9001\u4fe1\u5143\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c"},"content":{"rendered":"

\u6982\u8981<\/strong><\/h4>\n

\u8ff7\u60d1\u30e1\u30fc\u30eb\u5bfe\u7b56\u3068\u3057\u3066DKIM\u3092\u8a2d\u5b9a\u3059\u308b\u624b\u9806\u306b\u3064\u3044\u3066\u8a18\u8f09\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

\n

\nDKIM (Domainkeys Identified Mail)<\/strong><\/a>
\nDKIM\u306f\u3001\u96fb\u5b50\u7f72\u540d\u65b9\u5f0f\u306e\u9001\u4fe1\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c\u3067\u3042\u308b\u3002IETF\u306b\u304a\u3044\u3066Sendmail\u793e\u306eEric Allman\u6c0f\u3089\u3092\u4e2d\u5fc3\u3068\u3057\u3066\u691c\u8a0e\u304c\u9032\u3081\u3089\u308c\u3001RFC 4871\u304a\u3088\u3073RFC 5672\u3068\u3057\u3066\u6a19\u6e96\u5316\u3055\u308c\u305f\u3002\u3055\u3089\u306b\u3001DKIM\u306e\u898f\u683c\u3092\u88dc\u3046DKIM-ADSP\u3068\u3044\u3046\u6a19\u6e96\u304c\u3042\u308a\u3001RFC 5617\u3067\u6a19\u6e96\u5316\u3055\u308c\u3066\u3044\u308b\u3002<\/p>\n<\/blockquote>\n

 <\/p>\n

\u624b\u9806<\/strong><\/h4>\n

epel-release\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/p>\n

\n
yum install epel-release<\/code><\/pre>\n<\/div>\n
\u5b9f\u884c\u7d50\u679c<\/p>\n
\n
\u00a0<\/code><\/pre>\n<\/div>\n
<\/pre>\n
opendkim\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/p>\n
\n
yum install --enablerepo=epel opendkim<\/code><\/pre>\n<\/div>\n
\u5b9f\u884c\u7d50\u679c<\/p>\n
\n
\u00a0<\/code><\/pre>\n<\/div>\n
<\/pre>\n
\u9375\u3092\u683c\u7d0d\u3059\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210<\/strong><\/p>\n
\n
mkdir \/etc\/opendkim\/keys\/example.com<\/code><\/pre>\n<\/div>\n
\u5b9f\u884c\u7d50\u679c<\/p>\n
\n
\u00a0<\/code><\/pre>\n<\/div>\n
<\/pre>\n
\u9375\u306e\u4f5c\u6210<\/strong><\/p>\n
\n
opendkim-genkey -h rsa-sha256 -D \/etc\/opendkim\/keys\/example.com -d example.com -s hoge<\/code><\/pre>\n<\/div>\n
\u5b9f\u884c\u7d50\u679c<\/p>\n
\n
<\/code><\/pre>\n<\/div>\n
<\/pre>\n
\u6240\u6709\u8005\u3092\u5909\u66f4<\/strong><\/p>\n
\n
chown -R opendkim: \/etc\/opendkim\/keys\/example.com\/<\/code><\/pre>\n<\/div>\n
\u5b9f\u884c\u7d50\u679c<\/p>\n
\n
\u00a0<\/code><\/pre>\n<\/div>\n
<\/pre>\n
DNS\u306e\u30ec\u30b3\u30fc\u30c9\u3092\u78ba\u8a8d<\/strong><\/p>\n
\n
cat \/etc\/opendkim\/keys\/example\/hoge.txt<\/code><\/pre>\n<\/div>\n
\u5b9f\u884c\u7d50\u679c \u203b\u30b5\u30f3\u30d7\u30eb<\/p>\n
\n
hoge._domainkey      IN      TXT     ( \"v=DKIM1; h=rsa-sha256; k=rsa; \"\r\n          \"p=MIGfMAN0GCSqBCGADAGSIb3DUgQDAA4QEQBCBiQK5\/ZqB5wX5vv\/FJFfvfK9uDBlhZ31NK5ETZC1VYRHu6Ij3iq1Un1C7a8JJF7wOCSuq+uXWePKN5mPz3iXFOGuPad\/cqZJGSvFZ9S5dzLpCepEN28wbZH+QIDAQABpXYMPuaIkiPoE3NHQqmAxAzxaKkGHMQQdCxA74Gn7lvINayETWc6i\" )  ; ----- DKIM key hoge for dayspay.example.com<\/code><\/pre>\n<\/div>\n
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u7de8\u96c6\u2460<\/strong><\/pre>\n
\n
sudo vi \/etc\/sysconfig\/opendkim<\/code><\/pre>\n<\/div>\n
\u7de8\u96c6\u7b87\u6240<\/p>\n
*\u4fee\u6b63<\/p>\n
\n
Mode v\r\n\u2193\r\nMode sv\r\n<\/code><\/pre>\n<\/div>\n
*\u4fee\u6b63<\/p>\n
\n
SoftwareHeader        yes\r\n\u2193\r\nSoftwareHeader        no\r\n<\/code><\/pre>\n<\/div>\n
*\u4fee\u6b63<\/p>\n
\n
Domain        example.com\r\n\u2193\r\nDomain        example.com\r\n<\/code><\/pre>\n<\/div>\n
*\u4fee\u6b63<\/p>\n
\n
KeyFile      \/etc\/opendkim\/keys\/default.private\r\n\u2193\r\n# KeyFile      \/etc\/opendkim\/keys\/default.private\r\n<\/code><\/pre>\n<\/div>\n
*\u4fee\u6b63<\/p>\n
\n
# KeyTable      \/etc\/opendkim\/KeyTable\r\n\u2193\r\nKeyTable      \/etc\/opendkim\/KeyTable\r\n<\/code><\/pre>\n<\/div>\n
*\u4fee\u6b63<\/p>\n
\n
# SigningTable  refile:\/etc\/opendkim\/SigningTable\r\n\u2193\r\nSigningTable  refile:\/etc\/opendkim\/SigningTable\r\n<\/code><\/pre>\n<\/div>\n
*\u4fee\u6b63<\/p>\n
\n
# ExternalIgnoreList  refile:\/etc\/opendkim\/TrustedHosts\r\n\u2193\r\nExternalIgnoreList  refile:\/etc\/opendkim\/TrustedHosts\r\n<\/code><\/pre>\n<\/div>\n
*\u4fee\u6b63<\/p>\n
\n
# InternalHosts refile:\/etc\/opendkim\/TrustedHosts\r\n\u2193\r\nInternalHosts refile:\/etc\/opendkim\/TrustedHosts\r\n<\/code><\/pre>\n<\/div>\n
 <\/p>\n
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u7de8\u96c6\u2461<\/strong><\/p>\n
\n
sudo vi \/etc\/opendkim\/KeyTable<\/code><\/pre>\n<\/div>\n
\u7de8\u96c6\u7b87\u6240<\/p>\n
*\u8ffd\u52a0<\/p>\n
\n
hoge._domainkey.example.com example.com:hoge:\/etc\/opendkim\/keys\/example.com\/hoge.private<\/code><\/pre>\n<\/div>\n
 <\/p>\n
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u7de8\u96c6\u2462<\/strong><\/p>\n
\n
\/etc\/opendkim\/SigningTabl<\/code><\/pre>\n<\/div>\n
\u7de8\u96c6\u7b87\u6240<\/p>\n
*\u8ffd\u52a0<\/p>\n
\n
*@example.com hoge._domainkey.example.com<\/code><\/pre>\n<\/div>\n
 <\/p>\n
postfix\u306e\u8ffd\u52a0\u8a2d\u5b9a<\/strong><\/p>\n
\n
sudo vi \/etc\/postfix\/main.cf<\/code><\/pre>\n<\/div>\n
\u7de8\u96c6\u7b87\u6240<\/p>\n
*\u8ffd\u52a0<\/p>\n
\n
# DKIM\r\nsmtpd_milters = inet:127.0.0.1:8891\r\nnon_smtpd_milters = $smtpd_milters\r\nmilter_default_action = accept\r\n<\/code><\/pre>\n<\/div>\n
 <\/p>\n
opendkim\u306e\u81ea\u52d5\u8d77\u52d5\u8a2d\u5b9a<\/strong><\/p>\n
\n
systemctl enable opendkim<\/code><\/pre>\n<\/div>\n
opendkim\u306e\u8d77\u52d5<\/strong><\/p>\n
\n
systemctl start opendkim<\/code><\/pre>\n<\/div>\n
postfix\u306e\u518d\u8d77\u52d5<\/strong><\/p>\n
\n
systemctl restart postfix<\/code><\/pre>\n<\/div>\n
 <\/p>\n
\u88dc\u8db3<\/strong><\/h4>\n
DNS\u3078\u306e\u767b\u9332\u306f\u6b21\u306e\u5024\u3068\u306a\u308b\u3002\u3000\u203b\u30b5\u30f3\u30d7\u30eb<\/p>\n
\n
hoge._domainkey.example.com IN TXT \"v=DKIM1; h=rsa-sha256; k=rsa; \"p=MIGfMAN0GCSqBCGADAGSIb3DUgQDAA4QEQBCBiQK5\/ZqB5wX5vv\/FJFfvfK9uDBlhZ31NK5ETZC1VYRHu6Ij3iq1Un1C7a8JJF7wOCSuq+uXWePKN5mPz3iXFOGuPad\/cqZJGSvFZ9S5dzLpCepEN28wbZH+QIDAQABpXYMPuaIkiPoE3NHQqmAxAzxaKkGHMQQdCxA74Gn7lvINayETWc6i\"<\/code><\/pre>\n<\/div>\n
DKIM\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3059\u308b\u65b9\u6cd5\u3068\u3057\u3066\u306f\u3001Gmail\u7b49\u306b\u9001\u4fe1\u3057\u3066\u307f\u3066\u30bd\u30fc\u30b9\u304b\u3089DKIM\u304cPASS\u306b\u306a\u3063\u3066\u3044\u308c\u3070\u6b63\u5e38\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6982\u8981 \u8ff7\u60d1\u30e1\u30fc\u30eb\u5bfe\u7b56\u3068\u3057\u3066DKIM\u3092\u8a2d\u5b9a\u3059\u308b\u624b\u9806\u306b\u3064\u3044\u3066\u8a18\u8f09\u3057\u3066\u3044\u307e\u3059\u3002 DKIM (Domainkeys Identified Mail) DKIM\u306f\u3001\u96fb\u5b50\u7f72\u540d\u65b9\u5f0f\u306e\u9001\u4fe1\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c\u3067\u3042\u308b\u3002IETF\u306b\u304a\u3044\u3066Sendma…<\/p>\n","protected":false},"author":3,"featured_media":1502,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[68],"tags":[104,63],"class_list":["post-1475","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-dkim","tag-postfix"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/www.itc109.com\/knowledge\/wp-content\/uploads\/sites\/2\/logo-opendkim.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/sacZwp-dkim","_links":{"self":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts\/1475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/comments?post=1475"}],"version-history":[{"count":36,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts\/1475\/revisions"}],"predecessor-version":[{"id":2522,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts\/1475\/revisions\/2522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/media\/1502"}],"wp:attachment":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/media?parent=1475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/categories?post=1475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/tags?post=1475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}