Konfigurasi SPF, DKIM lan DMARC

Pandhuan iki bakal nuduhake sampeyan proses konfigurasi SPF, DKIM lan DMARC - telung komponen penting kanggo nambah kinerja ngirim email.

Konfigurasi SPF, DKIM, lan DMARC sing tepat bakal nambah kapercayan server email lan nyuda kemungkinan mailout sampeyan mlebu spam.

• SPF (Sender Policy Framework) minangka ukuran keamanan sing dirancang kanggo nyegah wong liya ngirim email kanggo sampeyan. Iki nemtokake alamat IP sing diidini ngirim email lan sing ora.
• DKIM (DomainKeys Identified Mail) minangka cara otentikasi pesen. Nalika saben email dikirim, ditandatangani nganggo kunci pribadhi banjur diverifikasi ing server email sing nampa (utawa panyedhiya layanan Internet) nganggo kunci umum DNS.
• DMARC (Domain-based Message Authentication, Reporting & Conformance) nggunakake SPF lan DKIM kanggo otentikasi mail, nyuda spam lan serangan phishing.

Konfigurasi SPF (Kerangka Kebijakan Pangirim)

1.1. Kanggo ngatur SPF, cathetan TXT kudu ditambahake menyang setelan DNS domain sampeyan.

1.2. Iki minangka sintaks rekaman SPF ing ngisor iki:

• v=spf1: nemtokake versi SPF sing digunakake sampeyan. Saiki mung SPF1 sing digunakake.
• ip4:[Your_Mail_Server_IP]: Iki nuduhake yen alamat IP server mail sampeyan diidini ngirim email atas jenenge domain sampeyan.
• a: Iki nemtokake manawa domain duwe rekaman A (alamat IPv4) ing DNS, server sing ditemtokake ing rekaman kasebut bisa ngirim email atas jenenge domain kasebut.
• mx: Nuduhake yen domain duwe rekaman MX (mail exchange) ing DNS, server sing ditemtokake ing rekaman iki bisa ngirim email atas jenenge domain.
• ~kabeh: Iki nuduhake yen mung server ing rekaman SPF bisa ngirim email atas jenenge domain. Yen email teka saka server liyane, bakal ditandhani minangka "cocok alus" (~), sing tegese bisa ditampa, nanging ditandhani minangka spam.

Bebarengan, unsur-unsur kasebut mbentuk SPF sing katon kaya iki:

Jeneng: [Your_Domain]

v=spf1 ip4:[Your_Mail_Server_IP] a mx ~all

Ganti [Your_Mail_Server_IP] nganggo alamat IP server email sampeyan.

Konfigurasi DKIM (DomainKeys Identified Mail).

2.1. Pisanan nginstal opendkim lan opendkim-tools. Proses instalasi gumantung saka sistem operasi:

Kanggo CentOS:

yum install opendkim -y

Kanggo Debian/Ubuntu:

apt install opendkim opendkim-tools -y

2.2. Sabanjure, miwiti layanan opendkim lan aktifake peluncuran nalika boot:

systemctl start opendkim
systemctl enable opendkim

2.3. Gawe direktori kanggo panyimpenan kunci:

mkdir -p /etc/opendkim/keys/yourdomain.com

2.4. Gawe kunci nggunakake alat opendkim-genkey:

opendkim-genkey --directory /etc/opendkim/keys/yourdomain.com/ --domain yourdomain.com --selector dkim

Aja lali ngganti 'yourdomain.com' karo jeneng domain asli sampeyan.

2.5. Setel ijin sing cocog kanggo kunci:

chown -R opendkim:opendkim /etc/opendkim/keys/yourdomain.com

2.6. Saiki kita kudu ngatur opendkim. Bukak file /etc/opendkim.conf lan tambahake setelan ing ngisor iki:

AutoRestart Yes
AutoRestartRate 10/1h
Umask 002
Syslog Yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost

2.7. Tambah domain sampeyan menyang file /etc/opendkim/TrustedHosts

127.0.0.1
localhost
*.yourdomain.com

2.8. Sunting file /etc/opendkim/KeyTable kanggo katon kaya iki:

dkim._domainkey.yourdomain.com yourdomain.com:dkim:/etc/opendkim/keys/yourdomain.com/dkim.private

2.9. Ngganti file /etc/opendkim/SigningTable. Supaya katon kaya iki

*@yourdomain.com dkim._domainkey.yourdomain.com

2.10. Yen sampeyan nggunakake Debian/Ubuntu, nemtokake port opendkim:

echo 'SOCKET="inet:8891@localhost"' >> /etc/default/opendkim

2.11. Wiwiti maneh layanan opendkim supaya owah-owahan bisa ditrapake:

systemctl restart opendkim

2.12. Pungkasan, tambahake kunci umum menyang konfigurasi DNS domain sampeyan. Tombol ana ing /etc/opendkim/keys/yourdomain.com/dkim.txt.

DMARC (Domain-based Message Authentication, Reporting & Conformance) konfigurasi

3.1. Kanggo ngatur DMARC, tambahake rekaman TXT menyang setelan domain sampeyan:

Name: _dmarc.[Your_Domain].
Значение: v=DMARC1; p=none; aspf=r; sp=none

Ganti [Your_Domain] nganggo jeneng domain sampeyan.

Konfigurasi PTR (Pointer Record).

4.1. Rekaman PTR, uga dikenal minangka rekaman DNS mbalikke, digunakake kanggo ngowahi alamat IP dadi jeneng domain. Iki penting kanggo server mail amarga sawetara server bisa nolak pesen tanpa rekaman PTR.

4.2. Rekaman PTR biasane dikonfigurasi ing setelan panyedhiya layanan internet utawa panyedhiya hosting. Yen sampeyan duwe akses menyang setelan kasebut, sampeyan bisa nyetel rekaman PTR kanthi nemtokake alamat IP server lan jeneng domain sing cocog.

4.3. Yen sampeyan ora duwe akses menyang setelan rekaman PTR, hubungi panyedhiya layanan internet utawa panyedhiya hosting kanthi panjalukan konfigurasi rekaman PTR.

4.4. Sawise nginstal PTR, sampeyan bisa mriksa kanthi nggunakake perintah dig ing Linux:

dig -x your_server_IP

Ganti 'your_server_IP' nganggo alamat IP server sampeyan. Tanggepan kudu kalebu jeneng domain sampeyan.

Sawise rampung kabeh langkah konfigurasi SPF, DKIM lan DMARC, server mail bakal luwih cenderung kanggo menehi tandha mailouts minangka spam - iku bakal njamin yen layang sampeyan tekan panampa.