SPF, DKIM and DMARC setup


This guide walks you through setting up SPF, DKIM and DMARC - three key components for improving email delivery.

Correct configuration of SPF, DKIM and DMARC increases the trust that receiving mail servers place in your mail and reduces the chance of your email ending up in spam.

  • SPF (Sender Policy Framework) is a security mechanism designed to prevent others from sending email on your behalf. It determines which IP addresses are allowed to send email and which are not.
  • DKIM (DomainKeys Identified Mail) is a message authentication method. Each outgoing email is signed with a private key, and the signature is then verified by the receiving mail server (or internet provider) using the public key published in DNS.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance) uses SPF and DKIM to authenticate email, reducing spam and phishing attacks.

SPF (Sender Policy Framework) setup

1.1. To set up SPF, add a TXT record to the DNS settings of your domain.

1.2. This is the syntax of the SPF record:

  • v=spf1: specifies the SPF version in use. Currently only SPF1 is used.
  • ip4:[Your_Mail_Server_IP]: indicates that the IP address of your mail server is allowed to send mail on behalf of your domain.
  • a: indicates that if the domain has an A record (IPv4 address) in DNS, the server that record points to may send mail on behalf of the domain.
  • mx: indicates that if the domain has an MX (mail exchange) record in DNS, the server that record points to may send mail on behalf of the domain.
  • ~all: indicates that only the servers listed in the SPF record may send mail on behalf of the domain. Mail arriving from any other server is marked as a "soft fail" (~): it may still be accepted, but is flagged as possible spam.

These elements are combined into an SPF record like this:

Name: [Your_Domain]

v=spf1 ip4:[Your_Mail_Server_IP] a mx ~all

Replace [Your_Mail_Server_IP] with the IP address of your mail server.

DKIM (DomainKeys Identified Mail).

2.1. First install opendkim and opendkim-tools. The procedure depends on the operating system:

For CentOS:

yum install opendkim -y

For Debian/Ubuntu:

apt install opendkim opendkim-tools -y

2.2. Then start the opendkim service and enable it to start at boot:

systemctl start opendkim
systemctl enable opendkim

2.3. Create a directory for storing the keys:

mkdir -p /etc/opendkim/keys/yourdomain.com

2.4. Generate the keys with the opendkim-genkey tool:

opendkim-genkey --directory /etc/opendkim/keys/yourdomain.com/ --domain yourdomain.com --selector dkim

Don't forget to replace 'yourdomain.com' with your actual domain name.

2.5. Set the correct ownership for the keys:

chown -R opendkim:opendkim /etc/opendkim/keys/yourdomain.com

2.6. Now we need to configure opendkim. Open the file /etc/opendkim.conf and add the following settings:

AutoRestart Yes
AutoRestartRate 10/1h
Umask 002
Syslog Yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost

2.7. Add your domain to the /etc/opendkim/TrustedHosts file:

127.0.0.1
localhost
*.yourdomain.com

2.8. Edit the /etc/opendkim/KeyTable file so that it looks like this:

dkim._domainkey.yourdomain.com yourdomain.com:dkim:/etc/opendkim/keys/yourdomain.com/dkim.private

2.9. Edit the /etc/opendkim/SigningTable file. It should look like this:

*@yourdomain.com dkim._domainkey.yourdomain.com

2.10. If you use Debian/Ubuntu, specify the opendkim port:

echo 'SOCKET="inet:8891@localhost"' >> /etc/default/opendkim

2.11. Restart the opendkim service so that the changes take effect:

systemctl restart opendkim

2.12. Finally, add the public key to the DNS settings of your domain. The key is located in /etc/opendkim/keys/yourdomain.com/dkim.txt.
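
The dkim.txt file is written in zone-file syntax, with the key split across several quoted strings, while most DNS control panels expect one name and one value. This added example (not from the original guide) joins the strings and checks the p= tag; the sample file content and key bytes are constructed.

```python
import base64
import re

# Constructed stand-in for a key; a real file holds a base64 RSA public key.
FAKE_P = base64.b64encode(b"constructed sample, not a real RSA key").decode()

# Constructed sample in the zone-file layout opendkim-genkey writes.
SAMPLE = (
    'dkim._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n'
    f'\t  "p={FAKE_P[:20]}"\n'
    f'\t  "{FAKE_P[20:]}" )  ; ----- DKIM key dkim for yourdomain.com\n'
)


def dkim_txt_to_record(zone_text, domain):
    """Return (record_name, txt_value) ready for a DNS control panel."""
    name = zone_text.split()[0]  # "<selector>._domainkey"
    # The quoted chunks form one logical TXT value: join with no separator.
    value = "".join(re.findall(r'"([^"]*)"', zone_text))
    if not value.startswith("v=DKIM1"):
        raise ValueError("not a DKIM key record")
    match = re.search(r"(?:^|;)\s*p=([^;]*)", value)
    key = match.group(1).strip() if match else ""
    if not key:
        # In DKIM an empty p= means the key has been revoked.
        raise ValueError("missing or empty p= tag")
    # Raises (a ValueError subclass) if the key was mangled while copying.
    base64.b64decode(key, validate=True)
    return f"{name}.{domain}", value
```

The returned name matches the KeyTable entry from step 2.8 (dkim._domainkey.yourdomain.com).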

DMARC (Domain-based Message Authentication, Reporting & Conformance) setup

3.1. To set up DMARC, add a TXT record to the DNS settings of your domain:

Name: _dmarc.[Your_Domain].
Value: v=DMARC1; p=none; aspf=r; sp=none

Replace [Your_Domain] with the name of your domain.

PTR (Pointer Record).

4.1. A PTR record, also known as a reverse DNS record, is used to resolve an IP address to a domain name. This matters for mail servers because some servers may reject messages when there is no PTR record.

4.2. The PTR record is usually configured in the settings of the internet provider or the hosting provider. If you have access to these settings, you can set a PTR record by specifying the IP address of your server and its corresponding domain name.

4.3. If you do not have access to the PTR record settings, contact your internet provider or hosting provider and ask them to set up the PTR record.

4.4. Once the PTR record is in place, you can check it with the dig command on Linux:

dig -x your_server_IP

Replace 'your_server_IP' with the IP address of your server. The response should contain your domain name.

After you complete all the steps of setting up SPF, DKIM and DMARC, mail servers are less likely to flag your emails as spam, which helps ensure that your messages reach their recipients.
