Signature ganda domainkeys dan DKIM di Postfix

Implementasi Domainkeys.
Anton Rahmadi @23 Januari 2009
versi 1.2 GPL

Bagian I -- Domainkeys
(DKIMProxy dan dkfilter)
catatan:
Yahoo hanya mendukung dkfilter
Gmail hanya mendukung DKIM


1. Instalasi program-program PERL yang dibutuhkan
perl -MCPAN -e'CPAN::Shell->install("Build::CPAN")'
perl -MCPAN -e'CPAN::Shell->install("Crypt::OpenSSL::RSA")'
perl -MCPAN -e'CPAN::Shell->install("Digest::SHA")'
perl -MCPAN -e'CPAN::Shell->install("Digest::SHA1")'
perl -MCPAN -e'CPAN::Shell->install("Error")'
perl -MCPAN -e'CPAN::Shell->install("Mail::Address")'
perl -MCPAN -e'CPAN::Shell->install("MIME::Base64")'
perl -MCPAN -e'CPAN::Shell->install("Net::DNS")'
perl -MCPAN -e'CPAN::Shell->install("Net::Server")'
perl -MCPAN -e'CPAN::Shell->install("Test::More")'

2. Instalasi Mail-DKIM versi 0.32 (last update: 21Jan2009)
cd /usr/local/src
wget -c http://search.cpan.org/CPAN/authors/id/J/JA/JASLONG/Mail-DKIM-0.32.tar.gz
tar -xzvf Mail-DKIM-0.32.tar.gz
cd Mail-DKIM-0.32
make clean
make tidy
perl Makefile.PL
make
make test
make install
cd ..


3a. Instalasi dkfilter versi 0.11 (last update: 22Jan2009)
cd /usr/local/src
wget -c http://jason.long.name/dkfilter/dkfilter-0.11.tar.gz
tar -xzvf dkfilter-0.11.tar.gz
cd dkimproxy-1.1
make clean
make tidy
./configure --prefix=/usr/local/dkfilter
make install


3b. Instalasi dkimproxy versi 1.1 (last update: 21Jan2009)
cd /usr/local/src/
wget -c http://downloads.sourceforge.net/dkimproxy/dkimproxy-1.1.tar.gz
tar -xzvf dkimproxy-1.1.tar.gz
cd dkimproxy-1.1
make clean
make tidy
./configure --prefix=/usr/local/dkimproxy
make install


4. Buat user
groupadd dkim
useradd -s /bin/false -d /dev/null -g dkim dkim


5. Buat private dan public key
cd /usr/local/dkimproxy
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
chown dkim.dkim private.key
chmod 600 private.key
cp private.key public.key /usr/local/dkfilter


6. Edit entri di DNS server / Hosting
_domainkey.namadomain.ac.id IN TXT “t=y; o=~;”
selector1._domainkey.namadomain.ac.id IN TXT "k=rsa; p=ISI_DARI_PUBLIC_KEY;"


7a. Membuat script untuk memulai dkfilter
cd /usr/local/dkfilter
vi dkfilter.sh

-------------------------ISI dkfilter.sh------------------------
#/bin/bash

#dk.out
/usr/local/dkfilter/bin/dk.out --keyfile=/usr/local/dkfilter/private.key --selector=selector1 --domain=namadomain.ac.id,mail.namadomain.ac.id --method=nowfs 127.0.0.1:10029 127.0.0.1:10030 &
[Esc][Shift-ZZ]
-------------------------ISI dkfilter.sh------------------------
chmod 755 dkfilter.sh
./dkfilter.sh



7b. Membuat script untuk memulai DKIMProxy
cd /usr/local/dkimproxy
vi dkimproxy.sh

-------------------------ISI dkimproxy.sh------------------------
#/bin/bash

#dkimproxy.in
/usr/local/dkimproxy/bin/dkimproxy.in 127.0.0.1:10025 127.0.0.1:10026 &
#dkimproxy.out
/usr/local/dkimproxy/bin/dkimproxy.out --keyfile=/usr/local/dkimproxy/private.key --selector=selector1 --domain=namadomain.ac.id,mail.namadomain.ac.id
--method=relaxed 127.0.0.1:10027 127.0.0.1:10028 &
[Esc][Shift-ZZ]
-------------------------ISI dkimproxy.sh------------------------
chmod 755 dkimproxy.sh
./dkimproxy.sh


8. Melihat keaktifan domain key
netstat -plan | grep tcpd
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 6649/perl
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 6650/perl


9. Apabila berhasil, maka masukkan dkfilter.sh dan dkimproxy.sh ke rc.local
cat "/usr/local/dkimproxy/dkimproxy.sh" >> /etc/rc.d/rc.local
cat "/usr/local/dkfilter/dkfilter.sh" >> /etc/rc.d/rc.local


10. Backup /etc/postfix/master.cf
cd /etc/postfix
cp master.cf master.cf.asli


11. Sesuaikan isi dari /etc/postfix/master.cf sebagai berikut:
# a line below is commented to support dkfilter inbound -Arahmadi@20jan2009
#smtp inet n - n - - smtpd

# begin ---- domainkeys implementation, ARahmadi @20Jan2009

#dkim.in
smtp inet n - n - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10025
-o smtpd_client_connection_count_limit=10

127.0.0.1:10026 inet n - n - - smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=
-o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks

#dkim.out
submission inet n - n - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=no
-o content_filter=dkimsign:[127.0.0.1]:10027
-o receive_override_options=no_address_mappings
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

dkimsign unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime

127.0.0.1:10028 inet n - n - 10 smtpd
#---Langsung dilempar ke luar
# -o content_filter=
#---Dilempar kembali ke dkfilter
-o content_filter=dksign:[127.0.0.1]:10029
-o receive_override_options=no_unknown_recipient_checks,no_address_mappings
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

#dk.out
dksign unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime

127.0.0.1:10030 inet n - n - 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

# end ---- domainkeys implementation
Update 23Jan2009:
Sedikit tune-up tambahan
12. Ubah konfigurasi di main.cf

cd /etc/postfix
vi main.cf

---------------------perubahan isi main.cf----------------------
smtpd_delay_reject = yes
127.0.0.1:10026_time_limit = 3600
127.0.0.1:10028_time_limit = 3600
127.0.0.1:10030_time_limit = 3600
---------------------perubahan isi main.cf----------------------


13. Reload postfix
postfix reload


14. Melihat keaktifan domain key
netstat -plan | grep tcpd
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 6649/perl
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 30205/master
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 30205/master
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 6650/perl
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN 30205/master
tcp 0 0 127.0.0.1:10029 0.0.0.0:* LISTEN 6651/perl
tcp 0 0 127.0.0.1:10030 0.0.0.0:* LISTEN 30205/master


15. Mengubah SMTP port dari mail klien menjadi 587, BUKAN 25 atau gunakan NAT dari iptables

Comments

Post a Comment

Popular posts from this blog

NTC Thermistor Incubator Part 3: Integrating double digits 7-segment

Image
This is a close to final version of my triplet NTC thermistors incubator with multi-buttons on a single analog input and double digits 7 segment output.  You may read part1 and part2 , for the whole story. On a separated article, I replaced NTC thermistor and 7segment with LM35 probe and LCD 16x2,  here . Hardware setup I use  Arduino standalone on breadboard , common anode double digits 7 segment  16 pins, two 74HC595 s, three NTC thermistor s, an FTDI 5v uploader ,  an optocoupler protected relay module , resistors (10kΩ, 1kΩ, 4k7Ω, 470Ω, 220Ω and 47Ω), and push buttons. Since the 7 segment that I purchased has no datasheet, it is important to look at other version of common anode (tandyonline.co.uk): The final setup on breadboard: The codes You may grab the codes here What next? Obviously, the next step is to print a PCB ( there is a great tutorial  on the Tube, or if you understand Bahasa Indonesia, here is a great tutorial from Duwi ) for this project and to
Read more

Writing and reading float using Arduino EEPROM

This post is just for a personal reminder after reading discussions from elsewhere about storing and reading float values to/from EEPROM with Arduino. Scenario Writing negative float to EEPROM can be tricky, since EEPROM only recognises up to 8-bit values (see Tronixstuff  explanation ), therefore it requires an additional algorithm to make it able to store negative and float.  the scheme is to use four bits of the ATmega328's EEPROM to store numerical parts of a float value. The function involved is union . //union  value typedef union{   float flt;   byte array[4]; } FloatConverter; The code You may grab the code here
Read more

Xeon LGA 771 di mobo LGA 775

Image
Bermula dari jebolnya komputer pribadi yang digunakan untuk layanan e-learning dan repositori abstrak skripsi bagi institusi tempat kami mengabdi, petualangan menyambung nyawa komputer tua dimulai. Spike  listrik adalah biang utama rusaknya perangkat ini. Ya, sebaiknya perangkat elektronik perlu pelindung dari lonjakan listrik sekedipan mata yang mematikan. Komponen yang menjadi almarhum akibat spike  kali ini adalah VGA card dan tombol reset (kok bisa, ya?).  VGA card Radeon X1300 128 MB Komputer ini sudah cukup tua usianya, sekitar 9 tahun. Motherboard-nya Intel DG31PR dengan prosesor Intel Core 2 Duo E7500 , memori DDR 2 3 GB dan harddisk SATA 500 GB 7200 RPM.  Sistem operasi yang digunakan adalah Slackware Linux  versi 13.37. Kinerja komputer ini sebagai server e-learning untuk kategori dosen jelata macam kami sudah cukup memuaskan. Sekitar 80 orang pengguna dapat dilayani secara simultan, walau bottleneck -nya tentu saja di hard-disk dan wifi seputar ruang lab. 
Read more