Monthly archive: November 2015

Setting up SSL

Certificate used

Sakura SSL (さくらのSSL)
* Domain validation
* GeoTrust RapidSSL
* ¥1,500/year

Certificate creation procedure

Creating the key and CSR

Reference URL
https://www.geotrust.co.jp/support/ssl/csr/apache_openssl_new.html

  1. Create the key and CSR
    # mkdir /root/20151116-SSL
    # cd /root/20151116-SSL
    # openssl md5 * > rand.dat
    # openssl genrsa -rand rand.dat -des3 2048 > 20151116-www.mylines.org.key
    # openssl req -new -key 20151116-www.mylines.org.key -out 20151116-www.mylines.org.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Hiroshima
Locality Name (eg, city) [Default City]:Hiroshima
Organization Name (eg, company) [Default Company Ltd]:XXXXXXX
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.mylines.org
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:        
An optional company name []:

# openssl rsa -in 20151116-www.mylines.org.key -out 20151116-www.mylines.org_nonepass.key //write a passphrase-free copy of the key; keep it readable only by root


Setting up DKIM

1. Environment

CentOS 6.7 x86_64

2. OpenDKIM configuration

Add the EPEL repository

# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6

Install opendkim

# yum install opendkim

Generate the public and private keys

# opendkim-genkey -D /etc/opendkim/keys -d mylines.org -s 20151108-key

/etc/opendkim/keys/20151108-key.private //private key
/etc/opendkim/keys/20151108-key.txt //public key

# chown opendkim: /etc/opendkim/keys/20151108-key.* //change owner

Add the public key record and the ADSP record to the zone file

# vi /var/named/chroot/var/named/mylines.org.zone

20151108-key._domainkey.mylines.org. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUbKMp1yzlRGwygs/D5nb5L2Mkui2mvWqiVoETbzttz5XW5+yqwGAigqM9D+PUR7h0vRWrMEMhlOH8FuQJEo9WiDcq6UiZAlbQ4IVaCKiVZi43MfJNNbXFVLAw4mv3A1y0Xvn46QY0FrIvjbOU4JJ2F7FiBzIMY7ER3xFsM35QlwIDAQAB"
_adsp._domainkey.mylines.org. IN TXT "dkim=unknown"
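
The strength of a published DKIM key can be read straight from the TXT value. The following is an added example, not part of the original post: it parses the tag list, decodes p= and reads the RSA modulus length from the DER structure. The function names and the 2048-bit threshold (the length RFC 8301 says signers SHOULD use) are assumptions of this example.

```python
import base64

# TXT value copied from the zone file in this post.
RECORD = (
    "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUbKMp1yzlRGwygs/D5nb5"
    "L2Mkui2mvWqiVoETbzttz5XW5+yqwGAigqM9D+PUR7h0vRWrMEMhlOH8FuQJ"
    "Eo9WiDcq6UiZAlbQ4IVaCKiVZi43MfJNNbXFVLAw4mv3A1y0Xvn46QY0FrIv"
    "jbOU4JJ2F7FiBzIMY7ER3xFsM35QlwIDAQAB"
)

def parse_tags(txt):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def read_tlv(buf, pos, tag):
    """Read one DER tag-length-value at pos; return (content_start, content_end)."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag 0x%02x at offset %d" % (buf[pos], pos))
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_modulus_bits(der):
    """Walk SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey -> modulus."""
    spki, _ = read_tlv(der, 0, 0x30)               # outer SEQUENCE
    _, alg_end = read_tlv(der, spki, 0x30)         # AlgorithmIdentifier, skipped
    bitstr, _ = read_tlv(der, alg_end, 0x03)       # BIT STRING holding the key
    rsa_key, _ = read_tlv(der, bitstr + 1, 0x30)   # +1 skips the unused-bits byte
    n_start, n_end = read_tlv(der, rsa_key, 0x02)  # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def audit_dkim_record(txt, minimum=2048):
    """Report the key length of a k=rsa record; an empty p= means revoked."""
    tags = parse_tags(txt)
    if tags["p"] == "":
        return {"bits": 0, "status": "revoked"}
    bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    return {"bits": bits, "status": "ok" if bits >= minimum else "weak"}
```

For the record above this reports a 1024-bit key. opendkim-genkey accepts `-b 2048` to generate a longer one.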


Setting up SPF - Postfix

1. Preparation

I had given up on the configuration partway through before, so remove the old module
# cd pypolicyd-spf-1.2
# python setup.py install --record remove.txt
# cat remove.txt | xargs rm -vrf

removed `/usr/lib/python2.6/site-packages/policydspfsupp.py'
removed `/usr/lib/python2.6/site-packages/policydspfuser.py'
removed `/usr/lib/python2.6/site-packages/policydspfsupp.pyc'
removed `/usr/lib/python2.6/site-packages/policydspfuser.pyc'
removed `/usr/bin/policyd-spf'
removed `/usr/share/man/man1/policyd-spf.1'
removed `/usr/share/man/man5/policyd-spf.conf.5'
removed `/etc/python-policyd-spf/policyd-spf.conf'
removed `/usr/share/man/man5/policyd-spf.peruser.5'
removed `/usr/lib/python2.6/site-packages/pypolicyd_spf-1.2-py2.6.egg-info'

2. Configuration

Download

  • pydns-2.3.6.tar
  • pypolicyd-spf-1.3.2.tar.gz
  • pyspf-2.0.12.tar.gz


Setting up SPF - BIND

Edit the BIND zone

# vi /var/named/chroot/var/named/mylines.org.zone
@ IN TXT "v=spf1 +ip4:49.212.197.167 -all" //add

Test

Send an email from Mail@mylines.org to Gmail and check the headers

Received-Spf:pass (google.com: domain of Mail@mylines.org designates 49.212.197.167 as permitted sender) client-ip=49.212.197.167;
Authentication-Results:mx.google.com; spf=pass (google.com: domain of Mail@mylines.org designates 49.212.197.167 as permitted sender) smtp.mailfrom=Mail@mylines.org