SPF, DKIM me DMARC whirihoranga

Ma tenei aratohu e whakaatu ki a koe te tukanga o te whirihora SPF, DKIM me DMARC - e toru nga waahanga nui hei whakapai ake i nga mahi tuku imeera.

Ko te whirihoranga tika o te SPF, DKIM me DMARC ka piki ake te whakawhirinaki o nga kaitoro mēra me te whakaiti i te tupono ka uru atu o mēra ki te mokowhiti.

• Ko te SPF (Anga Kaupapahere Kaituku) he mehua haumaru i hangaia hei aukati i etahi atu ki te tuku imeera mo koe. Ka whakatauhia ko wai nga wahitau IP e whakaaetia ana ki te tuku imeera me te kore.
• Ko DKIM (DomainKeys Identified Mail) he tikanga motuhēhēnga karere. Ina tukuna ia īmēra, ka hainatia ki te kī tūmataiti kātahi ka manatoko i te tūmau mēra (te kaiwhakarato ratonga Ipurangi rānei) me te kī tūmatanui DNS.
• Ka whakamahi a DMARC (Whakamotuhēhēnga Karere, Pūrongo me te Whakaaetanga) i te SPF me te DKIM mo te whakamotuhēhēnga mēra, te whakaiti i nga whakaeke mokowhiti me te hītinihanga.

whirihoranga SPF (Anga Kaupapahere Kaituku)

1.1. Hei whirihora i te SPF, me taapiri he rekoata TXT ki nga tautuhinga DNS o to rohe.

1.2. Koinei te wetereo e whai ake nei o te rekoata SPF:

• v=spf1: ka whakatau i tetahi putanga SPF i whakamahia e koe. I tenei ra ko SPF1 anake ka whakamahia.
• ip4:[Your_Mail_Server_IP]: E tohu ana ka whakaaetia to wahitau IP tūmau mēra ki te tuku imeera mo to rohe.
• a: E tohu ana mena he rekoata A (wāhitau IPv4) tetahi rohe ki DNS, ka taea e te tūmau kua tohua i roto i taua rekoata te tuku imeera mo te rohe.
• mx: E tohu ana mena he rekoata MX (whakawhiti mēra) tetahi rohe ki DNS, ka taea e te tūmau kua tohua ki tenei rekoata te tuku imeera mo te rohe.
• ~katoa: E tohu ana ko nga kaitoro anake i te rekoata SPF ka taea te tuku imeera mo te rohe. Mena ka puta mai te īmēra mai i tetahi atu tūmau, ka tohuhia he "maama ngawari" (~), ko te tikanga ka taea te whakaae, engari ka tohua he mokowhiti.

Ko enei huānga ka hanga he SPF penei te ahua:

Ingoa: [Your_Domain]

v=spf1 ip4:[Your_Mail_Server_IP] a mx ~all

Whakakapia [Your_Mail_Server_IP] ki to wahitau IP tūmau imeera.

Te whirihoranga DKIM (Mēra Tautuhi DomainKeys).

2.1. Tuatahi tāuta opendkim me opendkim-taputapu. Ko te tukanga whakauru ka whakawhirinaki ki te punaha whakahaere:

Mo CentOS:

yum install opendkim -y

Mo Debian/Ubuntu:

apt install opendkim opendkim-tools -y

2.2. Muri iho, tiimata te ratonga opendkim ka taea te whakarewatanga i te wa e whawhai ana:

systemctl start opendkim
systemctl enable opendkim

2.3. Waihangahia he whaiaronga mo te rokiroki taviri:

mkdir -p /etc/opendkim/keys/yourdomain.com

2.4. Hangaia nga taviri ma te whakamahi taputapu opendkim-genkey:

opendkim-genkey --directory /etc/opendkim/keys/yourdomain.com/ --domain yourdomain.com --selector dkim

Kaua e wareware ki te whakakapi 'yourdomain.com' me to ingoa rohe tuturu.

2.5. Tautuhia nga whakaaetanga tika mo nga taviri:

chown -R opendkim:opendkim /etc/opendkim/keys/yourdomain.com

2.6. Inaianei me whirihora opendkim. Whakatuwheratia te kōnae /etc/opendkim.conf me te taapiri i nga tautuhinga e whai ake nei:

AutoRestart Yes
AutoRestartRate 10/1h
Umask 002
Syslog Yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost

2.7. Taapirihia to rohe ki te konae /etc/opendkim/TrustedHosts

127.0.0.1
localhost
*.yourdomain.com

2.8. Whakatikahia te kōnae /etc/opendkim/KeyTable kia penei te ahua:

dkim._domainkey.yourdomain.com yourdomain.com:dkim:/etc/opendkim/keys/yourdomain.com/dkim.private

2.9. Hurihia te kōnae /etc/opendkim/SigningTable. Kia penei ai te ahua

*@yourdomain.com dkim._domainkey.yourdomain.com

2.10. Mena kei te whakamahi koe i a Debian/Ubuntu, tohua te tauranga opendkim:

echo 'SOCKET="inet:8891@localhost"' >> /etc/default/opendkim

2.11. Tīmataria anō te ratonga opendkim kia taea ai te whakamahi huringa:

systemctl restart opendkim

2.12. Ka mutu, tāpirihia te kī tūmatanui ki ngā whirihoranga DNS o tō rohe. Ko nga taviri kei /etc/opendkim/keys/yourdomain.com/dkim.txt.

DMARC (Whakamotuhēhēnga Karere, Pūrongo me te Whakaaetanga) whirihoranga

3.1. Hei whirihora i te DMARC, taapirihia he rekoata TXT ki o tautuhinga rohe:

Name: _dmarc.[Your_Domain].
Значение: v=DMARC1; p=none; aspf=r; sp=none

Whakakapia [Your_Domain] ki te ingoa o to rohe.

whirihoranga PTR (Pointer Record).

4.1. He rekoata PTR, e mohiotia ana ano he rekoata DNS whakamuri, ka whakamahia hei huri i tetahi wahitau IP ki te ingoa rohe. He mea nui tenei mo nga kaitoro mēra na te mea ka paopao etahi o nga kaitoro i nga karere kaore he rekoata PTR.

4.2. Ko te rekoata PTR te nuinga o te wa ka whirihorahia i roto i nga tautuhinga o te kaiwhakarato ratonga ipurangi, kaiwhakarato manaaki ranei. Mena ka whai waahi koe ki enei tautuhinga, ka taea e koe te whakarite he rekoata PTR ma te tohu i te wahitau IP o to tūmau me tona ingoa rohe.

4.3. Ki te kore koe e whai waahi ki nga tautuhinga rekoata PTR, whakapaa atu ki to kaiwhakarato ratonga ipurangi, kaiwhakarato manaaki ranei me tetahi tono whirihoranga rekoata PTR.

4.4. I muri i te whakauru i te PTR, ka taea e koe te tirotiro ma te whakamahi i te whakahau keri i Linux:

dig -x your_server_IP

Whakakapia 'your_server_IP' ki te wāhitau IP o tō tūmau. Ko te whakautu me whakauru to ingoa rohe.

I muri i te whakaoti i nga mahi katoa mo te whirihora i te SPF, DKIM me DMARC, ka iti ake te tohu a te kaimau mēra ki te tohu i o mēra hei mokowhiti - ka oati ka tae atu o reta ki nga kaiwhiwhi.