Postfix the configuration of a large number of outgoing mail servers Domainkey

Domainkey Introduction:

Yahoo's technology is known as the "DNS-side electronic signature (DomainKeys)", designed to deal with a variety of spam messages that have been transformed.

Spam often cheats the user by altering the e-mail message, and users tend to mistakenly think that this is not spam, and that the likelihood of opening a view is increased.

Yahoo's "DomainKeys" allows e-mail-receiving systems to check for e-mails to determine whether the sender's identity is false.

"DomainKeys" verifies the identity of the sender of an e-mail message by using encryption technology. Outgoing emails are digitally signed with a private password,

The system that accepts e-mail uses a public password to verify the signature.

I. Installation of Domainkey

Implementation steps

Os:redhat 2.6.9-55.el

Postfix:postfix-2.5.1-1.mysql.sasl2.vda.rhel4

Dk-milter:dk-milter-1.0.1.tar.gz

1. Install Dk-milter

Attention:

Please check to see if the Sendmail-devel package is installed before installing

Because there will be dependencies at compile time

Download http://nchc.dl.sourceforge.net/sourceforge/dk-milter/dk-milter-1.0.1.tar.gz

[root@ opt] #tar zxvf dk-milter-1.0.1.tar.gz

[root@ opt] #cd dk-milter-1.0.1

[root@ opt] #sh build-c

[root@ opt] #sh buld install

[root@ opt] #cd dk-filter

[root@ opt] #chmod +x gentxt.csh

[root@ opt]#./gentxt.sh default *****.com

[root@ opt] #cp Default.private/etc/postfix/****.com.key.pem

[root@ opt] #chmod 600/etc/postfix/****.key.pem

[root@ opt]#/usr/bin/dk-filter-a-l-p inet:8891@localhost-d ****.com-s/etc/postfix/****.com.key.pem-s Default

Dk-filter parameter Description:

-A peerlist # which hosts do not check

-A # dk-filter automatically restarts after hanging off

-B Modes # s (singer)/V (verify) preset to SV

-C Canon # Preset is simple (message headers are unchanged),

# also is relaxed (mail header may modify, remove whitespace, do not wrap)

-C Config # detail configuration

-D domlist # List of domain names to be signed, separated by commas

-D #

-F # front desk execution

-H # Add x-domainkeys information to Mail Header

-H # domainkey-signature header information for a description signature

-I IList # only do signature, do not verify, default 127.0.0.1

-I elist # through this host forwarding the letter to do signature, do not verify

-L # Log logs to Maillog

-M Mtalist # MTA name, that is, name in Daemonportoptions, preset is all

-M Macrolist # MTA macros which enable signing

-O hdrlist # which headers are not sign,ex:-O to,subject,date, from must be sign

-P pidfile # PID file process path

-S KeyFile # private key

-S Selector # selector, will be selector._domainkey. Domain for Type=txt Query

-U userid # Run user

-V # Check version