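sendmail – DKIM/SPF/DMARC verification of incoming mail
Configure SPF, DKIM, and DMARC checks to block spam and phishing mail.
DNS settings (must be done on the sender domain side)
For the receiving server to be able to check a message, the sender's domain must have records like the following registered.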
; SPF
@ IN TXT "v=spf1 mx a include:mail.yourdomain.com ~all"
; DKIM
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqh…"
; DMARC
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com"
SPF check setup
sudo apt update
sudo apt install build-essential sendmail libmilter-dev libspf2-2 libspf2-dev
wget https://www.acme.com/software/spfmilter/spfmilter-2.2.tar.gz
tar zxvf spfmilter-2.2.tar.gz
cd spfmilter-2.2
./configure
make
sudo make install
sudo su -
spfmilter unix:/var/run/spfmilter.sock
sudo vi /etc/mail/sendmail.mc
----------------------
INPUT_MAIL_FILTER(`spfmilter', `S=local:/var/run/spfmilter.sock, T=S:4m;R:4m;E:4m')dnl
----------------------
sudo make -C /etc/mail
sudo systemctl restart sendmail
sudo systemctl status sendmail
Send a message from an external account and confirm that the SPF header is added.
sudo tail -200 /var/spool/mail/root
......
Received-SPF: pass (plus-ai.co.kr: domain of skyer9@gmail.com designates 209.85.219.181 as permitted sender) receiver=plus-ai.co.kr; client-ip=209.85.219.181; helo=mail-yb1-f181.google.com; envelope-from=skyer9@gmail.com; x-software=spfmilter 2.2 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;
......
If that works, configure spfmilter to start at server boot as shown below.
sudo vi /etc/systemd/system/spfmilter.service
----------------------
[Unit]
Description=SPF Milter
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/sbin/spfmilter unix:/var/run/spfmilter.sock
User=root
[Install]
WantedBy=multi-user.target
----------------------
sudo systemctl daemon-reload
sudo systemctl enable spfmilter
sudo systemctl start spfmilter
DKIM setup
This is configured here.
Mode sv
In this line, s means send (sign outgoing mail) and v means verify.
DMARC check
sudo apt install opendmarc
sudo vi /etc/opendmarc.conf
----------------------
AuthservID yourmailserver.example.com
TrustedAuthservIDs yourmailserver.example.com
Socket inet:12303@localhost
Syslog true
----------------------
sudo vi /etc/mail/sendmail.mc
----------------------
INPUT_MAIL_FILTER(`opendmarc', `S=inet:12303@localhost')dnl
----------------------
sudo systemctl restart opendmarc
sudo make -C /etc/mail
sudo systemctl restart sendmail
rspamd: consolidating Authentication-Results
sudo apt install rspamd
sudo vi /etc/rspamd/local.d/milter_headers.conf
----------------------
use = ["authentication-results"];
----------------------
sudo vi /etc/mail/sendmail.mc
----------------------
INPUT_MAIL_FILTER(`rspamd', `S=inet:11332@localhost')dnl
----------------------
sudo systemctl enable rspamd
sudo systemctl restart spfmilter opendmarc opendkim rspamd
sudo make -C /etc/mail
sudo systemctl restart sendmail
sudo tail -200 /var/spool/mail/root
......
Authentication-Results: MTA;
dkim=pass header.d=gmail.com header.s=20230601 header.b="TKdk+AZ/";
spf=pass (MTA: domain of skyer9@gmail.com designates 209.85.219.180 as permitted sender) smtp.mailfrom=skyer9@gmail.com;
dmarc=pass (policy=none) header.from=gmail.com
......
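With the results consolidated into one Authentication-Results header, the verdicts can be checked mechanically. The Python sketch below is an added example, not part of the original post: it parses a header shaped like the one above and trusts only headers whose authserv-id is your own server's (MTA in the output above), because a sender can place a forged Authentication-Results line in the message. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample (example.com and 192.0.2.10 are placeholders).
# The second Authentication-Results header simulates one forged by the sender.
SAMPLE = (
    "Authentication-Results: MTA;\n"
    '\tdkim=pass header.d=example.com header.s=sel1 header.b="AbCd+EfG";\n'
    "\tspf=softfail (MTA: 192.0.2.10 not permitted; see policy) smtp.mailfrom=a@example.com;\n"
    "\tdmarc=pass (policy=none) header.from=example.com\n"
    "Authentication-Results: forged.invalid; spf=pass smtp.mailfrom=a@example.com\n"
    "Subject: test\n\nbody\n"
)

def split_outside_comments(value):
    """Split on ';', dropping (comments) and respecting "quoted strings"."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in value:
        if ch == '"' and not depth:
            quoted = not quoted
        elif not quoted and ch in "()":
            depth = max(0, depth + (1 if ch == "(" else -1))
            continue
        if depth:
            continue  # inside a comment: a ';' here is not a separator
        if ch == ";" and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_authres(msg_text, authserv_id):
    """Return one dict per result, read only from headers stamped by authserv_id."""
    found = []
    for raw in message_from_string(msg_text).get_all("Authentication-Results", []):
        parts = split_outside_comments(" ".join(raw.split()))  # unfold the header
        if not parts or parts[0].split()[0].lower() != authserv_id.lower():
            continue  # written by some other host: do not trust it
        for part in parts[1:]:
            tokens = part.split()
            method, _, result = tokens[0].partition("=")
            props = {k: v.strip('"') for k, v in (t.split("=", 1) for t in tokens[1:] if "=" in t)}
            found.append({"method": method.lower(), "result": result.lower(), **props})
    return found

def failed_checks(found, required=("spf", "dkim", "dmarc")):
    """List the required methods that have no 'pass' among the trusted results."""
    passed = {r["method"] for r in found if r["result"] == "pass"}
    return [m for m in required if m not in passed]
```

For the sample, failed_checks(parse_authres(SAMPLE, "MTA")) reports only spf, and the forged header's spf=pass is ignored.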
Upgrading rspamd
A version of rspamd that is too old may malfunction.
rspamd --version
Rspamd daemon version 1.9.4
wget -O- https://rspamd.com/apt-stable/gpg.key | sudo apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ focal main" | sudo tee /etc/apt/sources.list.d/rspamd.list
sudo apt update
apt policy rspamd
sudo apt install rspamd
sudo cp -r /etc/rspamd /etc/rspamd.backup.$(date +%Y%m%d)
sudo systemctl restart rspamd
rspamd --version
Rspamd daemon version 3.12.1