\uc774 \uae00\uc5d0\uc11c\ub294 \uc55e\uc11c \uad6c\ucd95\ud55c Postfix \uba54\uc77c \uc11c\ubc84\uc5d0 \uba54\uc77c \uc778\uc99d \uae30\ub2a5(DKIM, SPF, DMARC)\uc744 \ucd94\uac00\ud558\uc5ec \uba54\uc77c \uc2e0\ub8b0\uc131\uc744 \ub192\uc774\uace0 \uc2a4\ud338 \ucc98\ub9ac\ub97c \ubc29\uc9c0\ud558\ub294 \ubc29\ubc95\uc744 \ub2e4\ub8f9\ub2c8\ub2e4.<\/p>\n
\uba54\uc77c \uc778\uc99d \uae30\uc220\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ub429\ub2c8\ub2e4:<\/p>\n
# OpenDKIM \ubc0f \uad00\ub828 \ub3c4\uad6c \uc124\uce58\nsudo apt update\nsudo apt install opendkim opendkim-tools -y<\/code><\/pre>\n2. OpenDKIM \uc124\uc815<\/h3>\n
\uba54\uc778 \uc124\uc815 \ud30c\uc77c\uc744 \ud3b8\uc9d1\ud569\ub2c8\ub2e4:<\/p>\n
sudo vi \/etc\/opendkim.conf\n----------------------------\nAutoRestart Yes\nAutoRestartRate 10\/1h\nUMask 002\nSyslog yes\nSyslogSuccess Yes\nLogWhy Yes\n\nCanonicalization relaxed\/relaxed\n\nExternalIgnoreList refile:\/etc\/opendkim\/TrustedHosts\nInternalHosts refile:\/etc\/opendkim\/TrustedHosts\nKeyTable refile:\/etc\/opendkim\/KeyTable\nSigningTable refile:\/etc\/opendkim\/SigningTable\n\nMode sv\nPidFile \/var\/run\/opendkim\/opendkim.pid\nSignatureAlgorithm rsa-sha256\n\nUserID opendkim:opendkim\n\nSocket inet:8891@localhost\n----------------------------<\/code><\/pre>\n3. DKIM \ud0a4 \uc0dd\uc131<\/h3>\n# \ud0a4 \uc800\uc7a5 \ub514\ub809\ud1a0\ub9ac \uc0dd\uc131\nsudo mkdir -p \/etc\/opendkim\/keys\/example.com\n\n# DKIM \ud0a4 \ud398\uc5b4 \uc0dd\uc131\nsudo opendkim-genkey -b 2048 -d example.com -D \/etc\/opendkim\/keys\/example.com -s mail -v\n\n# \ud0a4 \ud30c\uc77c \uad8c\ud55c \uc124\uc815\nsudo chown opendkim:opendkim \/etc\/opendkim\/keys\/example.com\/mail.private\nsudo chmod 600 \/etc\/opendkim\/keys\/example.com\/mail.private<\/code><\/pre>\n4. OpenDKIM \ud14c\uc774\ube14 \uc124\uc815<\/h3>\n
\ud0a4 \ud14c\uc774\ube14 \uc0dd\uc131:<\/strong><\/p>\nsudo vi \/etc\/opendkim\/KeyTable\n----------------------------\nmail._domainkey.example.com example.com:mail:\/etc\/opendkim\/keys\/example.com\/mail.private\n----------------------------<\/code><\/pre>\n\uc11c\uba85 \ud14c\uc774\ube14 \uc0dd\uc131:<\/strong><\/p>\nsudo vi \/etc\/opendkim\/SigningTable\n----------------------------\n*@example.com mail._domainkey.example.com\n----------------------------<\/code><\/pre>\n\uc2e0\ub8b0 \ud638\uc2a4\ud2b8 \uc124\uc815:<\/strong><\/p>\nsudo vi \/etc\/opendkim\/TrustedHosts\n----------------------------\n127.0.0.1\nlocalhost\n*.example.com\nexample.com\n111.222.333.444\n----------------------------<\/code><\/pre>\n5. Postfix\uc640 OpenDKIM \uc5f0\ub3d9<\/h3>\n
Postfix \uc124\uc815\uc5d0 DKIM \uc5f0\ub3d9\uc744 \ucd94\uac00\ud569\ub2c8\ub2e4:<\/p>\n
sudo vi \/etc\/postfix\/main.cf\n......\n# DKIM \uc124\uc815\nmilter_protocol = 2\nmilter_default_action = accept\nsmtpd_milters = inet:localhost:8891\nnon_smtpd_milters = inet:localhost:8891\n......<\/code><\/pre>\n6. \uc11c\ube44\uc2a4 \uc2dc\uc791 \ubc0f \ud655\uc778<\/h3>\n# OpenDKIM \uc11c\ube44\uc2a4 \uc2dc\uc791\nsudo systemctl start opendkim\nsudo systemctl enable opendkim\n\n# Postfix \uc7ac\uc2dc\uc791\nsudo systemctl restart postfix\n\n# \uc11c\ube44\uc2a4 \uc0c1\ud0dc \ud655\uc778\nsudo systemctl status opendkim\nsudo systemctl status postfix<\/code><\/pre>\n7. DNS \ub808\ucf54\ub4dc \ucd94\uac00<\/h3>\n
\uc0dd\uc131\ub41c \uacf5\uac1c\ud0a4\ub97c DNS\uc5d0 \ucd94\uac00\ud569\ub2c8\ub2e4:<\/p>\n
# \uacf5\uac1c\ud0a4 \ud655\uc778\nsudo cat \/etc\/opendkim\/keys\/example.com\/mail.txt<\/code><\/pre>\nDNS\uc5d0 \ub2e4\uc74c\uacfc \uac19\uc740 TXT \ub808\ucf54\ub4dc\ub97c \ucd94\uac00\ud569\ub2c8\ub2e4:<\/p>\n
\uc5ec\ub7ec\uc904\ub85c \ub418\uc5b4 \uc788\ub294 \uacbd\uc6b0 \ud55c \uc904\ub85c \ud569\uccd0 \uc90d\ub2c8\ub2e4.<\/p>\n
mail._domainkey.example.com. IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."<\/code><\/pre>\nSPF \uc124\uc815<\/h2>\nDNS SPF \ub808\ucf54\ub4dc \ucd94\uac00<\/h3>\n
\ub3c4\uba54\uc778\uc758 DNS \uc124\uc815\uc5d0\uc11c \ub2e4\uc74c TXT \ub808\ucf54\ub4dc\ub97c \ucd94\uac00\ud569\ub2c8\ub2e4:<\/p>\n
example.com. IN TXT "v=spf1 ip4:111.222.333.444 mx ~all"<\/code><\/pre>\nSPF \ub808\ucf54\ub4dc \uad6c\uc131 \uc694\uc18c:<\/p>\n
\nv=spf1<\/code>: SPF \ubc84\uc804<\/li>\nip4:111.222.333.444<\/code>: \ud5c8\uc6a9\ub41c IP \uc8fc\uc18c<\/li>\nmx<\/code>: MX \ub808\ucf54\ub4dc\uc758 \uc11c\ubc84\uc5d0\uc11c \ubc1c\uc1a1 \ud5c8\uc6a9<\/li>\n~all<\/code>: \uae30\ud0c0 \uc11c\ubc84\uc5d0\uc11c\uc758 \ubc1c\uc1a1\uc740 \uc18c\ud504\ud2b8 \uc2e4\ud328 (\uad8c\uc7a5\ud558\uc9c0 \uc54a\uc74c)<\/li>\n<\/ul>\n\ub354 \uc5c4\uaca9\ud55c \uc815\ucc45\uc744 \uc6d0\ud55c\ub2e4\uba74 ~all<\/code> \ub300\uc2e0 -all<\/code>\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\nDMARC \uc124\uc815<\/h2>\nDNS DMARC \ub808\ucf54\ub4dc \ucd94\uac00<\/h3>\n
\ub3c4\uba54\uc778\uc758 DNS \uc124\uc815\uc5d0\uc11c \ub2e4\uc74c TXT \ub808\ucf54\ub4dc\ub97c \ucd94\uac00\ud569\ub2c8\ub2e4:<\/p>\n
_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; fo=1"<\/code><\/pre>\nDMARC \ub808\ucf54\ub4dc \uad6c\uc131 \uc694\uc18c:<\/p>\n
\nv=DMARC1<\/code>: DMARC \ubc84\uc804<\/li>\np=quarantine<\/code>: \uc815\ucc45 (none, quarantine, reject)<\/li>\nrua<\/code>: \uc9d1\uacc4 \ubcf4\uace0\uc11c \uc218\uc2e0 \uc774\uba54\uc77c<\/li>\nruf<\/code>: \ud3ec\ub80c\uc2dd \ubcf4\uace0\uc11c \uc218\uc2e0 \uc774\uba54\uc77c<\/li>\n<\/ul>\n\uc124\uc815 \uac80\uc99d \ubc0f \ud14c\uc2a4\ud2b8<\/h2>\n1. DKIM \uc11c\uba85 \ud655\uc778<\/h3>\n# \ud14c\uc2a4\ud2b8 \uba54\uc77c \ubc1c\uc1a1\necho "DKIM \ud14c\uc2a4\ud2b8 \uba54\uc77c" | mail -s "DKIM Test" test@gmail.com\n\n# \ub85c\uadf8 \ud655\uc778\nsudo tail -f \/var\/log\/mail.log | grep -i dkim<\/code><\/pre>\n2. DNS \ub808\ucf54\ub4dc \ud655\uc778<\/h3>\n# sudo apt install dnsutils\n\n# SPF \ub808\ucf54\ub4dc \ud655\uc778\ndig TXT example.com | grep spf\n\n# DKIM \ub808\ucf54\ub4dc \ud655\uc778\ndig TXT mail._domainkey.example.com\n\n# DMARC \ub808\ucf54\ub4dc \ud655\uc778\ndig TXT _dmarc.example.com<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"Postfix \uc124\uce58 (2\/4) – DKIM\/SPF\/DMARC \uc124\uc815 \uac00\uc774\ub4dc \uc774 \uae00\uc5d0\uc11c\ub294 \uc55e\uc11c \uad6c\ucd95\ud55c Postfix \uba54\uc77c \uc11c\ubc84\uc5d0 \uba54\uc77c \uc778\uc99d \uae30\ub2a5(DKIM, SPF, DMARC)\uc744 \ucd94\uac00\ud558\uc5ec \uba54\uc77c \uc2e0\ub8b0\uc131\uc744 \ub192\uc774\uace0 \uc2a4\ud338 \ucc98\ub9ac\ub97c \ubc29\uc9c0\ud558\ub294 \ubc29\ubc95\uc744 \ub2e4\ub8f9\ub2c8\ub2e4. \uac1c\uc694 \uba54\uc77c \uc778\uc99d \uae30\uc220\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ub429\ub2c8\ub2e4: SPF (Sender Policy Framework): \ubc1c\uc1a1 \uc11c\ubc84\uc758 \uad8c\ud55c\uc744 \uac80\uc99d DKIM (DomainKeys Identified Mail): \uba54\uc77c \ub0b4\uc6a9\uc758 \ubb34\uacb0\uc131\uc744 \ubcf4\uc7a5 DMARC (Domain-based Message\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-10756","post","type-post","status-publish","format-standard","hentry","category-sendmail"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10756"}],"version-history":[{"count":16,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10756\/revisions"}],"predecessor-version":[{"id":10815,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10756\/revisions\/10815"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}