YNOTES笔记

### SPF认证域名解析添加SPF的TXT记录 ``` @ IN TXT "v=spf1 mx mx:mail.unotes.co ip4:95.163.201.189 ~all" ``` 　　 ### DKIM认证 ```bash $ yum install epel-release -y $ yum --enablerepo=epel install opendkim ``` ```bash $ vim /etc/opendkim.conf ``` 添加下面的文本 ``` AutoRestart Yes AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode sv Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp ``` 生成key ```bash $ mkdir /etc/opendkim/keys/unotes.co #新建域名目录 $ opendkim-genkey -D /etc/opendkim/keys/unotes.co/ -d unotes.co -s default #生成随机密钥 ``` ```bash $ /etc/opendkim/KeyTable #添加下面内容 ``` ``` default._domainkey.unotes.co unotes.co:default:/etc/opendkim/keys/unotes.co/default.private ``` ```bash $ vim /etc/opendkim/SigningTable #添加下面内容 ``` ``` *@unotes.co default._domainkey.unotes.co ``` ```bash $ vim /etc/opendkim/TrustedHosts #添加下面内容 ``` ``` 127.0.0.1 unotes.co ``` 域名解析添加DKIM的TXT记录,文件`/etc/opendkim/keys/unotes.co/default.txt`的内容,记得去掉内容中的空格和引号 ``` default._domainkey IN TXT v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw/S6dg+kqpr7WIykX+e53bI3qg8qbCyWGfH/rU8UsDk8xZjpgWBiPv94SIJI0FYv4i2sJfVlD/4N2XfblPX/Vvu9LU1c66SvEyl/5cnVj/Bppyg4d3wggn+ROChBi9vWXrmUEGUbLOrWBDee3ZcSBaqK3DXFg7iSQlMATVtSnyQIDAQAB ``` DKIM检测是否配置正确网站：`https://dkimcore.org/c/keycheck` ![](https://files.ynotes.cn/18-8-18/43984887.jpg) postfix添加dkim认证： ```bash $ vim /etc/postfix/main.cf #添加下面内容 ``` ``` smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 2 ``` 启动opendkim,重启postfix ```bash $ /etc/init.d/opendkim start $ /etc/init.d/postfix restart ``` ### DMARC认证域名解析添加DMARC的TXT记录 ``` _dmarc IN TXT “v=DMARC1; p=quarantine; fo=1; ruf=mailto:dmarc_report@unotes.co; rua=mailto:dmarc_report@unotes.co” ``` 检测SPF和DMARC配置 `https://mxtoolbox.com/` ![](https://files.ynotes.cn/18-9-7/55228303.jpg) ### PTR反向解析到主机运营商(**`注意:阿里云、腾讯云禁止25端口使用SMTP发送邮件`**)添加PTR解析，我用的是搬瓦工地址：https://bandwagonhost.com/aff.php?aff=35573 ![](https://files.ynotes.cn/18-8-18/85327047.jpg) 测试结果:qq邮箱、163邮箱、gmail邮箱均收发正常，邮件未进入垃圾邮箱