7,540
edits
Changes
→amavisd.conf
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
</pre>
# Elsőként meg kell adni az alap dkim adatokat: '''dkim_key(<domain név>, <selector>, <titkos kulcs>, <aláírás tag-ek>'''
# Majd a DKIM kiegészítő beállításait: @dkim_signature_options_bysender_maps = (...)
Nagyon sok aláírás tag van. A szabványt a RFC 4871 írja le, itt megtalálhatjuk az összes tag jelentését.
http://ietf.org/rfc/rfc4871.txt
https://opensource.apple.com/source/amavisd/amavisd-140/amavisd/amavisd-new-2.7.0/amavisd-signer
<br>
Az amaivid aláíró modulja így írja le ezen két paraméter használatát:
<source>
# Load all available private keys and supply their public key RR constraints.
# Arguments are a domain, a selector, a key (a file name of a private key in
# PEM format), followed by optional attributes/constraints (tags, represented
# here as Perl hash key/value pairs) which are allowed by RFC 4871 in a public
# key resource record (v, g, h, k, n, s, t), of which only g, h, k, s and t
# are considered to be constraints limiting the choice of a signing key.
#
# signing domain selector private key options
# ------------- -------- ---------------------- ----------
# dkim_key('example.org', 'abc', '/var/db/dkim/a.key.pem');
# dkim_key('example.org', 'yyy', '/var/db/dkim/b.key.pem', t=>'s');
# dkim_key('example.org', 'zzz', '/var/db/dkim/b.key.pem', h=>'sha256');
# dkim_key('example.com', 'sel-2008', '/var/db/dkim/sel-example-com.key.pem',
# t=>'s:y', g=>'*', k=>'rsa', h=>'sha256:sha1', s=>'email',
# n=>'testing; 1, 2');
# dkim_key('guest.example.com', 'g', '/var/db/dkim/g-guest-ex-com.key.pem');
# dkim_key('mail.example.com', 'notif', '/var/db/dkim/notif-mail.key.pem');
# @dkim_signature_options_bysender_maps maps author/sender addresses or
# domains to signature tags/requirements; possible signature tags according
# to RFC 4871 are: (v), a, (b), (bh), c, d, (h), i, l, q, s, (t), x, z;
# of which the following are determined implicitly: v, b, bh, h, t
# (tag h is controlled by %signed_header_fields); currently ignored tags
# are l and z; instead of an absolute expiration time (tag x) one may use
# a pseudo tag 'ttl' to specify a relative expiration time in seconds, which
# is converted to an absolute expiration time prior to signing: x = t + ttl;
# a built-in default is provided for each tag if no better match is found
#
# @dkim_signature_options_bysender_maps = ( {
# 'postmaster@mail.example.com' => { a => 'rsa-sha1', ttl => 7*24*3600 },
# 'spam-reporter@example.com' => { a => 'rsa-sha1', ttl => 7*24*3600 },
# 'mail.example.com' => { a => 'rsa-sha1', ttl => 10*24*3600 },
# # explicit 'd' forces a third-party signature on foreign (hosted) domains
# 'guest.example' => { d => 'guest.example.com' },
# '.example.com' => { d => 'example.com' },
# # catchall defaults
# '.' => { a => 'rsa-sha256', c => 'relaxed/simple', ttl => 30*24*3600 },
# # 'd' defaults to a domain of an author/sender address,
# # 's' defaults to whatever selector is offered by a matching key
# } );
</source>
Indítsuk újra az amavisd-t:
