LINUX.ORG.RU

Exim4 + DKIM


I've been fighting with mail for several days now and just can't get the DKIM headers added, so I'm asking for help. I generated the keys and added them to DNS:

support:/etc/exim4/dkim# ll
/etc/exim4/dkim
total 16K
drwxr-xr-x 4 root        root        4.0K Dec 30 14:55 ..
-rw-r----- 1 Debian-exim Debian-exim  887 Jan 21 22:39 mmdsmart.com.key
-rw-r----- 1 Debian-exim Debian-exim  299 Jan 21 22:39 mail.txt
drwxr-xr-x 2 Debian-exim Debian-exim 4.0K Jan 21 22:42 .
support:/etc/exim4/dkim# openssl rsa -in mmdsmart.com.key -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6HZSRvbNUuWnQEVSY5MfSWEn+
BkgcKD2bA0IOrIgiUef93QdpTDqU1zmVg2ozfBUfWx5gqhmvpt0pg7urClWCvEZn
hOfR8mLatgTCs5BuPCVFNbAwKbsahwQ6JYxCcieaCpRP3roqPdbcU1qGhEkyECu1
hQ7nnIEejYXIpC4l9wIDAQAB
-----END PUBLIC KEY-----
support:/etc/exim4/dkim# cat mail.txt
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6HZSRvbNUuWnQEVSY5MfSWEn+BkgcKD2bA0IOrIgiUef93QdpTDqU1zmVg2ozfBUfWx5gqhmvpt0pg7urClWCvEZnhOfR8mLatgTCs5BuPCVFNbAwKbsahwQ6JYxCcieaCpRP3roqPdbcU1qGhEkyECu1hQ7nnIEejYXIpC4l9wIDAQAB" ; ----- DKIM key mail for mmdsmart.com
support:/etc/exim4/dkim# dig txt mail._domainkey.mmdsmart.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> txt mail._domainkey.mmdsmart.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20983
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail._domainkey.mmdsmart.com.	IN	TXT

;; ANSWER SECTION:
mail._domainkey.mmdsmart.com. 1603 IN	TXT	"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6HZSRvbNUuWnQEVSY5MfSWEn+BkgcKD2bA0IOrIgiUef93QdpTDqU1zmVg2ozfBUfWx5gqhmvpt0pg7urClWCvEZnhOfR8mLatgTCs5BuPCVFNbAwKbsahwQ6JYxCcieaCpRP3roqPdbcU1qGhEkyECu1hQ7nnIEejYXIpC4l9wIDAQAB"

;; Query time: 2 msec
;; SERVER: 77.247.176.114#53(77.247.176.114)
;; WHEN: Wed Jan 21 23:14:52 2015
;; MSG SIZE  rcvd: 293

Next, following one of the million "exim+dkim+debian" manuals, I edit the transport in exim4.conf.template

remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
  interface = ${lookup{$sender_address_domain}lsearch{/etc/exim4/interfaces}{$value}{109.201.138.161}}
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
  helo_data=${lookup{$sending_ip_address}lsearch{/etc/exim4/mailhelo}{$value}{mmdsmart.com}}
.endif
.ifdef DKIM_DOMAIN
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
.endif
.ifdef DKIM_SELECTOR
dkim_selector = mail
.endif
.ifdef DKIM_PRIVATE_KEY
DKIM_PRIVATE_KEY = /etc/exim4/dkim/${lc:${domain:$h_from:}}.key
.endif
.ifdef DKIM_CANON
dkim_canon = simple
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
I restart exim, send a message, and the headers still don't arrive. Where did I screw up?


Reply to: comment from hizel

changed it to

DKIM_FILE = /etc/exim4/dkim/${lc:${domain:$h_from:}}.key
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

still no headers

ky4k0b
() topic author

exim4.conf.template

Isn't it the case that in Debian a bunch of small files gets made from it, and those are what actually configure exim? I.e. you need to regenerate the small ones, or add it to conf.d/<something-or-other with the transport>

turtle_bazon ★★★★★
()
Last edit: turtle_bazon (total edits: 1)
Reply to: comment from turtle_bazon
support:/var/www/support# cat /etc/exim4/update-exim4.conf.conf|grep split
dc_use_split_config='false'
ky4k0b
() topic author

I don't know exactly how it works with the auto-generated config in Debian; here is an example of a working transport in a static config:

        remote_smtp:
		driver = smtp
		dkim_domain=mmdsmart.com
		dkim_selector = mail
		dkim_private_key=/etc/exim4/dkim/mmdsmart.com.key
		dkim_canon = relaxed
feanor ★★★
()
Reply to: comment from feanor

The problem is that it doesn't work for me even with static parameters. Maybe something is wrong with the permissions on my key? Or is DKIM disabled globally somewhere in the configuration?

ky4k0b
() topic author
Reply to: comment from hizel
support:~# exim -bV
Exim version 4.80 #3 built 02-Jan-2013 19:40:22
Copyright (c) University of Cambridge, 1995 - 2012
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
support:~# exim -bP
accept_8bitmime
acl_not_smtp =
acl_not_smtp_start =
acl_smtp_auth =
acl_smtp_connect =
acl_smtp_data = acl_check_data
acl_smtp_dkim =
acl_smtp_etrn =
acl_smtp_expn =
acl_smtp_helo =
acl_smtp_mail = acl_check_mail
acl_smtp_mailauth =
acl_smtp_notquit =
acl_smtp_predata =
acl_smtp_quit =
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_starttls =
acl_smtp_vrfy =
admin_groups =
no_allow_domain_literals
no_allow_mx_to_ip
no_allow_utf8_domains
auth_advertise_hosts = *
auto_thaw = 0s
bi_command =
bounce_message_file =
bounce_message_text =
bounce_return_body
bounce_return_message
bounce_return_size_limit = 100K
bounce_sender_authentication =
callout_domain_negative_expire = 3h
callout_domain_positive_expire = 1w
callout_negative_expire = 2h
callout_positive_expire = 1d
callout_random_local_part = $primary_hostname-$tod_epoch-testing
check_log_inodes = 0
check_log_space = 0
check_rfc2047_length
check_spool_inodes = 0
check_spool_space = 0
daemon_smtp_ports = smtp
daemon_startup_retries = 9
daemon_startup_sleep = 30s
delay_warning = 1d
delay_warning_condition = ${if or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
no_deliver_drop_privilege
deliver_queue_load_max =
delivery_date_remove
no_disable_ipv6
dkim_verify_signers = $dkim_signers
dns_again_means_nonexist =
dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9/_-]*[^\W])?)+(\.?)$
dns_csa_search_limit = 5
dns_csa_use_reverse
dns_ipv4_lookup =
dns_retrans = 0s
dns_retry = 0
dns_use_edns0 = -1
no_drop_cr
dsn_from = Mail Delivery System <Mailer-Daemon@$qualify_domain>
envelope_to_remove
errors_copy =
errors_reply_to =
exim_group = Debian-exim
exim_path = /usr/sbin/exim4
exim_user = Debian-exim
extra_local_interfaces =
extract_addresses_remove_arguments
finduser_retries = 0
freeze_tell = postmaster
gecos_name = $1
gecos_pattern = ^([^,:]*)
no_gnutls_compat_mode
gnutls_require_kx =
gnutls_require_mac =
gnutls_require_protocols =
header_line_maxsize = 0
header_maxsize = 1048576
headers_charset = UTF-8
helo_accept_junk_hosts =
helo_allow_chars =
helo_lookup_domains = @ : @[]
helo_try_verify_hosts =
helo_verify_hosts =
hold_domains =
host_lookup = *
host_lookup_order = bydns:byaddr
host_reject_connection =
hosts_connection_nolog =
hosts_treat_as_local =
ignore_bounce_errors_after = 2d
ignore_fromline_hosts =
no_ignore_fromline_local
keep_malformed = 4d
no_local_from_check
local_from_prefix =
local_from_suffix =
local_interfaces = <; 127.0.0.1 ; ::1
local_scan_path =
local_scan_timeout = 5m
local_sender_retain
localhost_number =
log_file_path = /var/log/exim4/%slog
log_selector = +tls_peerdn
no_log_timezone
lookup_open_max = 25
max_username_length = 0
no_message_body_newlines
message_body_visible = 500
message_id_header_domain = $smtp_active_hostname
message_id_header_text =
message_logs
message_size_limit = 50M
no_move_frozen_messages
no_mua_wrapper
never_users =
openssl_options =
percent_hack_domains =
pid_file_path = /var/run/exim4/exim.pid
pipelining_advertise_hosts = *
no_preserve_message_logs
primary_hostname = support.mmdsmart.com
no_print_topbitchars
process_log_path = /var/spool/exim4/exim-process.info
prod_requires_admin
qualify_domain = debian.localhost
qualify_recipient = debian.localhost
queue_domains =
queue_list_requires_admin
no_queue_only
queue_only_file =
queue_only_load =
queue_only_load_latch
queue_only_override
no_queue_run_in_order
queue_run_max = 5
queue_smtp_domains =
receive_timeout = 0s
received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}(Exim $version_number)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if def:received_for {\n\tfor $received_for}}
received_headers_max = 30
recipient_unqualified_hosts =
recipients_max = 0
no_recipients_max_reject
remote_max_parallel = 2
remote_sort_domains =
retry_data_expire = 1w
retry_interval_max = 1d
return_path_remove
rfc1413_hosts = *
rfc1413_query_timeout = 5s
sender_unqualified_hosts =
smtp_accept_keepalive
smtp_accept_max = 20
smtp_accept_max_nonmail = 10
smtp_accept_max_nonmail_hosts = *
smtp_accept_max_per_connection = 1000
smtp_accept_max_per_host =
smtp_accept_queue = 0
smtp_accept_queue_per_connection = 10
smtp_accept_reserve = 0
smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/mailhelo}{$value}{$primary_hostname}}
smtp_banner = ${smtp_active_hostname} ESMTP Exim ${version_number}
smtp_check_spool_space
smtp_connect_backlog = 20
smtp_enforce_sync
smtp_etrn_command =
smtp_etrn_serialize
smtp_load_reserve =
smtp_max_synprot_errors = 3
smtp_max_unknown_commands = 3
smtp_ratelimit_hosts =
smtp_ratelimit_mail =
smtp_ratelimit_rcpt =
smtp_receive_timeout = 5m
smtp_reserve_hosts =
no_smtp_return_error_details
no_split_spool_directory
spool_directory = /var/spool/exim4
no_strict_acl_vars
no_strip_excess_angle_brackets
no_strip_trailing_dot
syslog_duplication
syslog_facility =
syslog_processname = exim
syslog_timestamp
system_filter =
system_filter_directory_transport =
system_filter_file_transport =
system_filter_group =
system_filter_pipe_transport =
system_filter_reply_transport =
system_filter_user =
tcp_nodelay
timeout_frozen_after = 1w
timezone =
tls_advertise_hosts =
tls_certificate =
tls_crl =
tls_dh_max_bits = 2236
tls_dhparam =
tls_on_connect_ports =
tls_privatekey =
no_tls_remember_esmtp
tls_require_ciphers =
tls_try_verify_hosts =
tls_verify_certificates =
tls_verify_hosts =
trusted_groups =
trusted_users = uucp
unknown_login =
unknown_username =
untrusted_set_sender = *
uucp_from_pattern = ^From\s+(\S+)\s+(?:[a-zA-Z]{3},?\s+)?(?:[a-zA-Z]{3}\s+\d?\d|\d?\d\s+[a-zA-Z]{3}\s+\d\d(?:\d\d)?)\s+\d\d?:\d\d?
uucp_from_sender = $1
warn_message_file =
write_rejectlog

ky4k0b
() topic author
Reply to: comment from ky4k0b

The dkim_* variables are all empty, which is why outgoing mail is not signed. Exim itself is built with DKIM support.

hizel ★★★★★
()
Reply to: comment from hizel

so what do I do?

support:/etc/exim4# grep -r dkim_private_key *
conf.d/transport/30_exim4-config_remote_smtp:dkim_private_key=/etc/exim4/dkim/mmdsmart.com.key
exim4.conf.template:dkim_private_key=/etc/exim4/dkim/mmdsmart.com.key
support:/etc/exim4# exim -bP transports|grep dkim
dkim_canon =
dkim_domain =
dkim_private_key =
dkim_selector =
dkim_sign_headers =
dkim_strict =
dkim_canon =
dkim_domain =
dkim_private_key =
dkim_selector =
dkim_sign_headers =
dkim_strict =

ky4k0b
() topic author
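
Added example (not part of the thread and not Exim's own code): a small evaluator for Exim's `.ifdef`/`.endif` guards, showing one way an option can be found by `grep` in the file yet come out empty in `exim -bP transports`: its guard macro is never defined. `POSTED` is a constructed, abridged copy of the transport from the first post; `GUARDED`, `active_dkim_options` and the macro values passed in are assumptions of this example, and macro expansion is simplified to plain text substitution.

```python
import re

# Constructed, abridged copy of the transport from the first post.
POSTED = """\
remote_smtp:
.ifdef DKIM_DOMAIN
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
.endif
.ifdef DKIM_SELECTOR
dkim_selector = mail
.endif
.ifdef DKIM_PRIVATE_KEY
DKIM_PRIVATE_KEY = /etc/exim4/dkim/${lc:${domain:$h_from:}}.key
.endif
"""

# Same transport, each option set from its macro inside the guard.
GUARDED = """\
remote_smtp:
.ifdef DKIM_DOMAIN
  dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
  dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
  dkim_private_key = DKIM_PRIVATE_KEY
.endif
"""

def active_dkim_options(config, macros):
    """Return dkim_* options that survive .ifdef/.ifndef/.else/.endif filtering."""
    stack, found = [], {}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"\.(ifdef|ifndef)\s+(\S+)", line)
        if m:      # guard is true when "defined" matches the directive
            stack.append((m.group(2) in macros) == (m.group(1) == "ifdef"))
        elif line == ".else":
            stack[-1] = not stack[-1]
        elif line == ".endif":
            stack.pop()
        elif all(stack):                 # every enclosing guard is true
            for name, value in macros.items():   # simplified macro expansion
                line = re.sub(rf"\b{name}\b", lambda _: value, line)
            opt = re.match(r"(dkim_\w+)\s*=\s*(.*)", line)
            if opt:
                found[opt.group(1)] = opt.group(2)
    return found
```

With an empty `macros` dict both versions yield no `dkim_*` options at all; passing definitions for `DKIM_DOMAIN`, `DKIM_SELECTOR` and `DKIM_PRIVATE_KEY` (in Exim, macro definitions in the main section of the configuration) makes the guarded form produce all three.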
Reply to: comment from ky4k0b

Open the documentation on the Debianization of exim and find out why on earth your .template isn't being picked up. When I had the displeasure of using exim on debian\ubuntu, I didn't use the template and wrote my own complete configuration in exim4.conf.

hizel ★★★★★
()

screw it, I wiped this crap and installed postfix; everything came up right away and works great

ky4k0b
() topic author