darking358 发表于 2009-08-20 10:40

如何验证dkim(基本解决)

想到有2种方法

1。使用花生壳,通过花生壳,将dkim的key写入dns server,然后从花生壳的域名发送邮件到yahoo或者google
   此方法的问题是:必须申请顶极域名,否则无法使用txt记录,需要花钱

2。自己建立一个具有验证dkim的server,像yahoo或google那样
   目前,不知道如何建立

请教各位cuser,有什么好的方法没?


方法2已经成功,可用于内部测试
有顶极域名的可以试试方法1

[ 本帖最后由 darking358 于 2009-8-21 14:42 编辑 ]

scyzxp 发表于 2009-08-20 13:31

原帖由 darking358 于 2009-8-20 10:40 发表 http://bbs2.chinaunix.net/images/common/back.gif
想到有2种方法

1。使用花生壳,通过花生壳,将dkim的key写入dns server,然后从花生壳的域名发送邮件到yahoo或者google
   此方法的问题是:必须申请顶极域名,否则无法使用txt记录,需要花钱

2。自己建 ...


去sf.net搜dk-filter

darking358 发表于 2009-08-20 14:19

回复 #2 scyzxp 的帖子

dk-filter如何验证签名?

能否说详细点

darking358 发表于 2009-08-20 16:26

testfe2@fe100.f10.com发送邮件到testmail4@mail.f10.com,在dns上为fe100.f10.com做了dkim签名,在mail.f10.com上做的dkim verify,收到的邮件信息如下,2楼给看看,mail.f10.com是否做了dkim verify

Return-Path: <testfe2@fe100.f10.com>
Received: from fe100.f10.com ()
        by mail.f10.com (8.14.3/8.14.3) with SMTP id n6VChGlb029728
        for <testmail4@mail.f10.com>; Fri, 31 Jul 2009 20:43:16 +0800
X-DKIM: Sendmail DKIM Filter v2.8.3 mail.f10.com n6VChGlb029728
Authentication-Results: mail.f10.com; dkim=pass (1024-bit key)
        header.i=@fe100.f10.com; x-dkim-adsp=none
Received: from pc1.as5.com ()
        by FML-100.fe100.f10.com id n7K84D8O002864; Thu, 20 Aug 2009 16:04:13 +0800
Message-ID: <4A8D0582.50709@fe100.f10.com>
Date: Thu, 20 Aug 2009 16:12:50 +0800
From: testfe2 <testfe2@fe100.f10.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090605)
MIME-Version: 1.0
To: testmail4 <testmail4@mail.f10.com>
Subject: vv
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=fe100.f10.com; s=testdkim; c=relaxed/relaxed;
        h=message-id:date:from:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding;
        bh=MXE+sOaAlsMI0JUc8Pvr6ux+IEBHXI4mIR+1STOp2I8=;
        b=VJ383PB3wzwt2NfifgK0E4ZLAY7+yiXP06f3pVeoXgmz6dv3MOOtw/jvWBjyRd5CO0LH+ex3YOiqnbQ0SGkkUAmBt8rkcHp+egOFJVuy5pjzSbv8mvlxCQt1kbiXJ8IS3U+Ksb60AaguLB9tNP2tuIm6NlkwxtUfhgmmMxBZo1k=

v

ruochen 发表于 2009-08-20 18:28

X-DKIM: Sendmail DKIM Filter v2.8.3 mail.f10.com n6VChGlb029728
Authentication-Results: mail.f10.com; dkim=pass (1024-bit key)
      header.i=@fe100.f10.com; x-dkim-adsp=none

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=fe100.f10.com; s=testdkim; c=relaxed/relaxed;
      h=message-id:date:from:user-agent:mime-version:to:subject-enigmail-version:content-type:content-transfer-encoding;
      bh=MXE+sOaAlsMI0JUc8Pvr6ux+IEBHXI4mIR+1STOp2I8=;
      b=VJ383PB3wzwt2NfifgK0E4ZLAY7+yiXP06f3pVeoXgmz6dv3MOOtw/jvWBjyRd5CO0LH+ex3YOiqnbQ0SGkkUAmBt8rkcHp+egOFJVuy5pjzSbv8mvlxCQt1kbiXJ8IS3U+Ksb60AaguLB9tNP2tuIm6NlkwxtUfhgmmMxBZo1k=

v


dkim成功

darking358 发表于 2009-08-20 20:21

签名是成功了

可是verify好像有点问题

X-FEAS-DKIM:Invalid Body Hash

ruochen 发表于 2009-08-21 08:24

原帖由 darking358 于 2009-8-20 20:21 发表 http://bbs2.chinaunix.net/images/common/back.gif
签名是成功了

可是verify好像有点问题

X-FEAS-DKIM:Invalid Body Hash


你上面的邮件头中没这个信息

darking358 发表于 2009-08-21 09:38

回复 #7 ruochen 的帖子

pc1---A(fe100.f10.com)-----B(mail.f10.com)---pc2

i want to A verify dkim,so,generate private/public key for
mail.f10.com,then add public key to dns server,pc2 send the message(from
mail.f10.com to fe100.f10.com) signed by B,the A can receive the
message and get the public key from dns server,but prompt
'X-FEAS-DKIM:invalid body hash'.


Return-Path: <testmail2@mail.f10.com>
Received: from mail.f10.com ()
        by FML-100.fe100.f10.comwith ESMTP id n7K9heZF002979
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
        for <testfe2@fe100.f10.com>; Thu, 20 Aug 2009 17:43:41 +0800
Received: from pc3.as5.com ()
        (authenticated bits=0)
        by mail.f10.com (8.14.3/8.14.3) with ESMTP id n7JDhtx2003581
        for <testfe2@fe100.f10.com>; Wed, 19 Aug 2009 21:43:56 +0800
X-DKIM: Sendmail DKIM Filter v2.8.3 mail.f10.com n7JDhtx2003581
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=mail.f10.com; s=mail;
        t=1250689436; bh=cCF9cSS6K9VFxd5IKkRWSu7tLdw=;
        h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
       Content-Transfer-Encoding;
        b=qjKIzpsSBjPbHvEZlmc7WFovL1KhSKZ+PAhbcDaWKdUa/QumzP40zc/IqB8zGeL0k
       /X5kKNCSnP8GJNgY5c4o2jDPn/DQQ2IC2k8FXLWI7XP3QwdbmMkwt9KbfZ/ad+7u4F
       3LMuF9uEDG5p3q/hx4jZNRcKsGxFLS8P5lSAB+Hk=
Message-ID: <4A8E6DEA.5030808@mail.f10.com>
Date: Fri, 21 Aug 2009 17:50:34 +0800
From: testmail2 <testmail2@mail.f10.com>
User-Agent: Thunderbird 2.0.0.22 (X11/20090605)
MIME-Version: 1.0
To: testfe2@fe100.f10.com
Subject: ddd
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-FEAS-DKIM: Invalid Body Hash

dddd

darking358 发表于 2009-08-21 09:41

用openssl生成的key,selector是mail,dkim-filter中domain是mail.f10.com,dns中的记录是mail._domainkey.mail IN txt ".....",dns zone是f10.com,故在mail._domain后面又加了一个mail,否则,取不到public key,因为取的是mail._domainkey.mail.f10.com

scyzxp 发表于 2009-08-21 10:05

原帖由 darking358 于 2009-8-21 09:41 发表 http://bbs2.chinaunix.net/images/common/back.gif
用openssl生成的key,selector是mail,dkim-filter中domain是mail.f10.com,dns中的记录是mail._domainkey.mail IN txt ".....",dns zone是f10.com,故在mail._domain后面又加了一个mail,否则,取不到public...


看来兄弟是真的搞懂了
页: [1] 2
查看完整版本: 如何验证dkim(基本解决)