Domainkey Introduction:
Yahoo's technology is known as the "DNS-side electronic signature (DomainKeys)", designed to deal with a variety of spam messages that have been transformed.
Spam often cheats the user by altering the e-mail message, and users tend to mistakenly think that this is not spam, and that the likelihood of opening a view is increased.
Yahoo's "DomainKeys" allows e-mail-receiving systems to check for e-mails to determine whether the sender's identity is false.
"DomainKeys" verifies the identity of the sender of an e-mail message by using encryption technology. Outgoing emails are digitally signed with a private password,
The system that accepts e-mail uses a public password to verify the signature.
I. Installation of Domainkey
Implementation steps
Os:redhat 2.6.9-55.el
Postfix:postfix-2.5.1-1.mysql.sasl2.vda.rhel4
Dk-milter:dk-milter-1.0.1.tar.gz
1. Install Dk-milter
Attention:
Please check to see if the Sendmail-devel package is installed before installing
Because there will be dependencies at compile time
Download http://nchc.dl.sourceforge.net/sourceforge/dk-milter/dk-milter-1.0.1.tar.gz
[root@ opt] #tar zxvf dk-milter-1.0.1.tar.gz
[root@ opt] #cd dk-milter-1.0.1
[root@ opt] #sh build-c
[root@ opt] #sh buld install
[root@ opt] #cd dk-filter
[root@ opt] #chmod +x gentxt.csh
[root@ opt]#./gentxt.sh default *****.com
[root@ opt] #cp Default.private/etc/postfix/****.com.key.pem
[root@ opt] #chmod 600/etc/postfix/****.key.pem
[root@ opt]#/usr/bin/dk-filter-a-l-p inet:8891@localhost-d ****.com-s/etc/postfix/****.com.key.pem-s Default
Dk-filter parameter Description:
-A peerlist # which hosts do not check
-A # dk-filter automatically restarts after hanging off
-B Modes # s (singer)/V (verify) preset to SV
-C Canon # Preset is simple (message headers are unchanged),
# also is relaxed (mail header may modify, remove whitespace, do not wrap)
-C Config # detail configuration
-D domlist # List of domain names to be signed, separated by commas
-D #
-F # front desk execution
-H # Add x-domainkeys information to Mail Header
-H # domainkey-signature header information for a description signature
-I IList # only do signature, do not verify, default 127.0.0.1
-I elist # through this host forwarding the letter to do signature, do not verify
-L # Log logs to Maillog
-M Mtalist # MTA name, that is, name in Daemonportoptions, preset is all
-M Macrolist # MTA macros which enable signing
-O hdrlist # which headers are not sign,ex:-O to,subject,date, from must be sign
-P pidfile # PID file process path
-S KeyFile # private key
-S Selector # selector, will be selector._domainkey. Domain for Type=txt Query
-U userid # Run user
-V # Check version