SPF, DKIM ma DMARC faʻatulagaina

O lenei taʻiala o le a faʻaali atu ia te oe le faʻagasologa o le faʻatulagaina o le SPF, DKIM и DMARC - tolu vaega taua e faʻaleleia ai le lafoina o imeli.

O le faʻatulagaina lelei o le SPF, DKIM ma DMARC o le a faʻateleina ai le faʻatuatuaina o sapalai meli ma faʻaitiitia ai le ono oʻo atu au meli i le spam.

• O le SPF (Sender Policy Framework) ose faiga e puipuia ai isi mai le lafoina o imeli e fai ma ou sui. E iloa ai po'o fea tuatusi IP e fa'atagaina e lafo ai imeli ma e leai.
• O le DKIM (DomainKeys Identified Mail) o se auala e fa'amaonia ai fe'au. A lafoina imeli taʻitasi, e sainia i le ki faʻapitoa ona faʻamaonia lea i le meli meli (poʻo le tuʻuina atu o le Initaneti) ma le DNS lautele.
• DMARC (Domain-based Message Authentication, Reporting & Conformance) faʻaogaina le SPF ma le DKIM mo le faʻamaoniaina o meli, faʻaitiitia le spam ma osofaʻiga phishing.

SPF fa'atulagaina (Sender Policy Framework)

1.1. Ina ia fetuutuuna'i le SPF, e tatau ona fa'aopoopo se fa'amaumauga TXT i fa'auiga DNS a lau vaega.

1.2. Ole fa'asologa lea ole SPF fa'amaumauga:

• v=spf1: fuafua se SPF fa'aogaina e oe. O aso nei na'o le SPF1 o lo'o fa'aaogaina.
• ip4:[Your_Mail_Server_IP]: O lo'o fa'ailoa mai ai ua fa'atagaina lau tuatusi IP meli e lafo ai imeli e fai ma sui o lau vaega.
• a: O loʻo faʻamaoti mai afai o se vaega o loʻo i ai se faʻamaumauga A (tuatusi IPv4) i DNS, o le server o loʻo faʻamaonia i lena faʻamaumauga e mafai ona lafoina imeli e fai ma sui o le vaega.
• mx: Fa'ailoa mai afai e iai se fa'amaumauga MX (meli meli) i le DNS, o le 'au'aunaga o lo'o fa'ailoa mai i lenei fa'amaumauga e mafai ona lafo imeli e fai ma sui o le vaega.
• ~uma: E fa'ailoa mai e na'o 'au'aunaga i totonu o fa'amaumauga a le SPF e mafai ona lafo imeli e fai ma sui o le vaega. Afai o le imeli e sau mai se isi server, o le a faailogaina o se "faiga vaivai" (~), o lona uiga e mafai ona talia, ae faʻailogaina e mafai ona spam.

Faʻatasi, o nei elemene e fausia ai se SPF e pei o lenei:

Igoa: [Your_Domain]

v=spf1 ip4:[Your_Mail_Server_IP] a mx ~all

Sui [Your_Mail_Server_IP] i lau tuatusi IP tuatusi imeli.

DKIM (DomainKeys Identified Mail) configuration

2.1. Faʻapipiʻi muamua opendkim ma opendkim-tools. O le faʻapipiʻiina o faʻagasologa e faʻalagolago i le faiga faʻaogaina:

Mo CentOS:

yum install opendkim -y

Mo Debian/Ubuntu:

apt install opendkim opendkim-tools -y

2.2. Le isi, amata le opendkim auaunaga ma faʻatagaina lona faʻalauiloaina i le taimi o le taʻavale:

systemctl start opendkim
systemctl enable opendkim

2.3. Fausia se lisi mo le teuina o ki:

mkdir -p /etc/opendkim/keys/yourdomain.com

2.4. Fausia ki e faʻaaoga ai opendkim-genkey meafaigaluega:

opendkim-genkey --directory /etc/opendkim/keys/yourdomain.com/ --domain yourdomain.com --selector dkim

Aua nei galo e sui le 'yourdomain.com' i lou igoa moni.

2.5. Seti fa'atagaga talafeagai mo ki:

chown -R opendkim:opendkim /etc/opendkim/keys/yourdomain.com

2.6. Ole taimi nei e tatau ona tatou faʻapipiʻi opendkim. Tatala le faila /etc/opendkim.conf ma faʻaopoopo tulaga nei:

AutoRestart Yes
AutoRestartRate 10/1h
Umask 002
Syslog Yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost

2.7. Fa'aopoopo lau vaega ile /etc/opendkim/TrustedHosts faila

127.0.0.1
localhost
*.yourdomain.com

2.8. Fa'asa'o /etc/opendkim/KeyTable faila e pei o lenei:

dkim._domainkey.yourdomain.com yourdomain.com:dkim:/etc/opendkim/keys/yourdomain.com/dkim.private

2.9. Suia le faila /etc/opendkim/SigningTable. Ina ia foliga fa'apenei

*@yourdomain.com dkim._domainkey.yourdomain.com

2.10. Afai e te faʻaaogaina Debian/Ubuntu, faʻamaonia le taulaga opendkim:

echo 'SOCKET="inet:8891@localhost"' >> /etc/default/opendkim

2.11. Toe amata le auaunaga opendkim ina ia mafai ona faʻaoga suiga:

systemctl restart opendkim

2.12. Fa'ai'u, fa'aopoopo le ki fa'alaua'itele i lau fa'alapotopotoga DNS configurations. O ki o lo'o i totonu /etc/opendkim/keys/yourdomain.com/dkim.txt.

DMARC (Domain-based Message Authentication, Reporting & Conformance) configuration

3.1. Ina ia fetuutuuna'i DMARC, fa'aopoopo se fa'amaumauga TXT i au fa'alapotopotoga:

Name: _dmarc.[Your_Domain].
Значение: v=DMARC1; p=none; aspf=r; sp=none

Sui [Your_Domain] i lou igoa ole igoa.

PTR (Fa'amaumauga Fa'amau) fa'atulagaina

4.1. O se fa'amaumauga a le PTR, e ta'ua fo'i o se fa'amaufa'ailoga DNS, e fa'aaogaina e sui ai se tuatusi IP ile igoa ole igoa. E taua tele lenei mea mo sapalai meli ona e ono teena e nisi sapalai savali e aunoa ma se faamaumauga a le PTR.

4.2. O le faʻamaumauga a le PTR e masani ona faʻapipiʻiina i totonu o faʻatulagaga o le 'auʻaunaga i luga ole initaneti poʻo le faʻasalalauga. Afai e te maua le avanoa i nei tulaga, e mafai ona e setiina se faamaumauga PTR e ala i le faʻamaonia o le tuatusi IP a lau server ma lona igoa ole igoa.

4.3. Afai e te le maua le avanoa i le PTR fa'amaumauga, fa'afeso'ota'i lau 'au'aunaga i luga ole laiga po'o le 'au'aunaga talimalo ma se talosaga fa'atulagaina fa'amaumauga a le PTR.

4.4. A maeʻa ona tuʻuina le PTR, e mafai ona e siakiina e faʻaaoga ai le dig command i Linux:

dig -x your_server_IP

Sui 'your_server_IP' ile tuatusi IP ole server. O le tali e tatau ona aofia ai lou igoa ole igoa.

A maeʻa laasaga uma o le faʻatulagaina o le SPF, DKIM ma le DMARC, o le a faʻaitiitia le faʻailogaina o au meli e pei o spam - o le a mautinoa ai o au tusi e oʻo atu i tagata e mauaina.