Ichi chinyorwa chinokuratidza maitiro ekugadzirisa SPF, DKIM и DMARC - zvinhu zvitatu zvakakosha kuti uvandudze kutumira email kushanda.
Kurongeka kwakaringana kweSPF, DKIM и DMARC kuchawedzera kuvimba kwemaseva etsamba uye kuderedza mukana wekutumira kwako kupinda muspam.
- SPF (Sender Policy Framework) chiyero chekuchengetedza chakagadzirirwa kudzivirira vamwe kutumira maemail pachinzvimbo chako. Inotarisa kuti ndeapi ma IP kero anotenderwa kutumira maemail uye ayo asiri.
- DKIM (DomainKeys Identified Mail) inzira yekusimbisa meseji. Kana email yega yega yatumirwa, inosainwa nekiyi yakavanzika uye yobva yasimbiswa kune inotambira tsamba server (kana Internet service provider) neDNS public key.
- DMARC (Domain-based Message Authentication, Reporting & Conformance) inoshandisa SPF neDKIM kuti ive nechokwadi chetsamba, kuderedza spam uye phishing.
SPF kumisikidza (Sender Policy Framework)
1.1. Kugadzirisa SPF, rekodhi yeTXT inofanira kuwedzerwa kune yako DNS marongero.
1.2. Iyi ndiyo inotevera syntax yeSPF rekodhi:
- v=spf1: inosarudza SPF vhezheni inoshandiswa newe. Nhasi chete SPF1 ndiyo inoshandiswa.
- ip4:[Yako_Mail_Server_IP]: Zvinoratidza kuti mail server yako IP kero inotenderwa kutumira email pachinzvimbo chedomeini yako.
- a: Inotsanangura kuti kana domain ine A rekodhi (IPv4 kero) muDNS, sevha inotsanangurwa mune iyo rekodhi inogona kutumira email pachinzvimbo chedura.
- mx: Inoratidza kuti kana domain ine MX (mail exchange) rekodhi muDNS, sevha inotsanangurwa mune ino rekodhi inogona kutumira email pachinzvimbo chedura.
- ~ zvese: Zvinoratidza kuti maseva chete ari muSPF rekodhi anogona kutumira email pachinzvimbo chedura. Kana iyo email ichibva kune imwe sevha, inozonyorwa se "soft match" (~), zvinoreva kuti inogona kugamuchirwa, asi yakanyorwa sezvinobvira spam.
Pamwe chete, zvinhu izvi zvinoumba SPF inoita seizvi:
Zita: [Yako_Domain]
v=spf1 ip4:[Your_Mail_Server_IP] a mx ~allTsiva [Yako_Mail_Server_IP] nekero yeIP server yako.
DKIM (DomainKeys Identified Mail) kugadzirisa
2.1. Kutanga kuisa opendkim uye opendkim-zvishandiso. Iyo yekuisa maitiro inoenderana neiyo inoshanda sisitimu:
YeCentOS:
yum install opendkim -yZveDebian/Ubuntu:
apt install opendkim opendkim-tools -y2.2. Tevere, tanga iyo opendkim sevhisi uye wogonesa kuvhurwa kwayo panguva yebhutsu:
systemctl start opendkim
systemctl enable opendkim2.3. Gadzira dhairekitori rekuchengetedza makiyi:
mkdir -p /etc/opendkim/keys/yourdomain.com2.4. Gadzira makiyi uchishandisa opendkim-genkey chishandiso:
opendkim-genkey --directory /etc/opendkim/keys/yourdomain.com/ --domain yourdomain.com --selector dkimUsakanganwe kutsiva 'yourdomain.com' nezita rako chairo rezita.
2.5. Seta mvumo dzakakodzera dzekiyi:
chown -R opendkim:opendkim /etc/opendkim/keys/yourdomain.com2.6. Iye zvino tinoda kugadzirisa opendkim. Vhura iyo faira /etc/opendkim.conf uye wedzera zvinotevera marongero:
AutoRestart Yes
AutoRestartRate 10/1h
Umask 002
Syslog Yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost2.7. Wedzera yako domain ku /etc/opendkim/TrustedHosts faira
127.0.0.1
localhost
*.yourdomain.com2.8. Rongedza /etc/opendkim/KeyTable faira kuita seizvi:
dkim._domainkey.yourdomain.com yourdomain.com:dkim:/etc/opendkim/keys/yourdomain.com/dkim.private2.9. Chinja iyo /etc/opendkim/SigningTable faira. Kuti nditaridzike seizvi
*@yourdomain.com dkim._domainkey.yourdomain.com2.10. Kana ukashandisa Debian/Ubuntu, tsanangura chiteshi opendkim:
echo 'SOCKET="inet:8891@localhost"' >> /etc/default/opendkim2.11. Tangazve iyo opendkim sevhisi kuitira kuti shanduko dzishandiswe:
systemctl restart opendkim2.12. Pakupedzisira, wedzera kiyi yeruzhinji kune yako DNS zvigadziriso. Makiyi ari mukati /etc/opendkim/keys/yourdomain.com/dkim.txt.
DMARC (Domain-based Message Authentication, Reporting & Conformance) kugadzirisa
3.1. Kuti ugadzirise DMARC, wedzera rekodhi yeTXT kune yako domain marongero:
Name: _dmarc.[Your_Domain].
Значение: v=DMARC1; p=none; aspf=r; sp=noneTsiva [Yako_Domain] nezita renzvimbo yako.
PTR (Pointer Record) kugadzirisa
4.1. A PTR rekodhi, inozivikanwawo sereverse DNS rekodhi, inoshandiswa kushandura IP kero kuita zita rezita. Izvi zvakakosha kumaseva etsamba nekuti mamwe maseva anogona kuramba mameseji asina rekodhi rePTR.
4.2. Iyo PTR rekodhi inowanzo gadziridzwa muzvigadziro zveinternet service provider kana yekutambira mupi. Kana iwe uchikwanisa kuwana aya marongero, unogona kuseta PTR rekodhi nekutsanangura yako server IP kero uye inoenderana zita rezita.
4.3. Kana iwe usingakwanise kuwana PTR rekodhi zvigadziriso, taura newako wepainternet sevhisi kana mupi wekutambira ane PTR rekodhi rekodhi chikumbiro.
4.4. Mushure mekuisa PTR, unogona kuitarisa uchishandisa iyo dig command muLinux:
dig -x your_server_IPTsiva 'yako_server_IP' neIP kero yeserver yako. Mhinduro yacho inofanira kusanganisira zita rako rezita.
Mushure mekupedza nhanho dzese dzekugadzirisa SPF, DKIM neDMARC, sevha yetsamba ichave isingaite yekumaka mameseji ako se spam - inovimbisa kuti tsamba dzako dzinosvika kune vanogamuchira.
