On 29/05/20 12.04, Syafril Hermansyah wrote:
> DKIM is implemented in MDaemon as follows:

Mind the order: do the MDaemon part first, before publishing in the authoritative DNS server.

1. Generate DKIM keys
http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?security--dkim_sign.htm

Default selector: MDaemon (or mail).

- Click "Create new public and private keys".
- In Windows Explorer, go to the folder \\mdaemon\pem\mdaemon and view the file DNS_readme.txt with Notepad. Its contents will look roughly like this:

------
DKIM selector record for DNS:

MDaemon._domainkey.dds7.dutaservisindo.co.id. IN TXT
"v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT123a
UNW032cskWlPe3mwukoxIB+DN6q4OgbpeNeOOZyribcxw62456
bv+SwCnFRqsMFh8fZfTF8Pe/ru3Zhqgqa/1G6gGWNdG2tY7789
Di11jjYsBgURX4+54cv+VAfTdfBz+uGx6LKDhOACnBMI098834"
"gWYJAJUxqBBT9MVjf1Tj06KLSEHUmTvM+UMkjg5QjlEIbAe001
JIimfO8DlRb7IReYA0jg2c79MFSEWh/e1E081vIbS8xzQ6ihZ/
T4CE10/SAYMNJVLdxON9Sm1lUs5UbyUj2xibVO5taPbp3AG111
fSg0ecpLABGPhsqZCZu1qgH1Op4eQB8/QgzwIDA888"

Important notes:

(1) The above text includes carriage-return/line-feeds to break the data up into multiple lines for readability. You may have to remove them if your DNS server objects.

(2) Some DNS servers have a 255 byte limit to the length of a string that can be entered so you may have to enter the above string as two separate elements. Your DNS server will return multiple strings as a single unit when queried.

(3) The above example uses your primary domain of "dds7.dutaservisindo.co.id". You will want to setup similar records using different domain and key values if you wish to sign mail for other domains.

(4) The above text is broken up into 200 byte chunks. Your DNS server may require that it be entered this way (in separate parts). If not, remove the quotation marks and line separators between the chunks and enter them into DNS as a single string.
------

Alternatively, use an online DKIM generator tool if you want to generate multiple DKIM records.
https://tools.socketlabs.com/dkim/generator
https://www.sparkpost.com/resources/tools/dkim-wizard/

Enable the following options:
[x] Sign eligible outbound messages using DKIM
[x] ...sign mailing list messages

If you have/host more than one domain and want DKIM enabled for all of them, enable
[x] All messages from local domains are eligible for signing
If only for some of them, click "Define which messages are eligible for signing".

2. Enable DKIM signing
http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?security--dkim_options.htm

[x] Signatures expire after 7 days
[x] Signatures include creation time stamp
[x] Signatures include query method(s)
Canonicalize headers using: Simple
Canonicalize body using: Simple

Note: *simple* is strict, it does not allow changes between upper and lower case (case sensitive), whereas *relax* allows changes of case (not case sensitive).

[x] Verifier requires signatures to protect the Subject header

3. Publish the DKIM record on the name server (authoritative DNS server)

The DKIM record created in step 1 is created/published on the name server, in this case on the Start of Authority (SOA) DNS server.

To check:

C:\ nslookup -q=soa dutaint.co.id

The result will look similar to this:

$ nslookup -q=soa dutaint.co.id 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
dutaint.co.id
    origin = ns1.dutaint.com
    mail addr = hostmaster.dutaservisindo.co.id
    serial = 2020052401
    refresh = 14400
    retry = 3600
    expire = 1209600
    minimum = 259200

which means the SOA DNS is on server ns1.dutaint.com, and if you cannot do it yourself you can ask the hostmaster (the DNS server administrator) for help at the e-mail address [email protected]

So the DKIM record must be created on DNS server ns1.dutaint.com.

Also create a Domain Key record on that SOA DNS, to complement the DNS DKIM record.

_domainkey.dutaint.co.id text = "o=-"

4. Check the results

Check the published DKIM record with these online tools:
https://mxtoolbox.com/dkim.aspx
https://protodave.com/tools/dkim-key-checker/
https://dkimcore.org/tools/keycheck.html

Test sending DKIM-signed mail through the following online tool:
http://www.appmaildev.com/en/dkim/
Click "next step"; an e-mail address will then be shown to which you can send a DKIM message.

Or at
https://dkimvalidator.com/
send mail to [email protected] (the address given there), then see the result by clicking "view result".

--
syafril
-------
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Education is the kindling of a flame, not the filling of a vessel.
--- Socrates
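Added example (not part of the original post and not MDaemon's own code): a Python check for notes (1), (2) and (4) of DNS_readme.txt, which joins the quoted TXT strings as a resolver would and validates the resulting DKIM record before it is published. The function names and the sample key are constructed for illustration.

```python
import base64
import re

MAX_TXT_STRING = 255  # DNS limit for one quoted string inside a TXT record

def join_txt_strings(zone_text):
    """Join the quoted strings of a TXT record the way a resolver returns them."""
    parts = re.findall(r'"([^"]*)"', zone_text)
    if not parts:
        raise ValueError("no quoted strings found")
    # Line breaks inside a string are readability wrapping (note 1): drop them.
    parts = [re.sub(r"[\r\n]+", "", p) for p in parts]
    for p in parts:
        if len(p.encode()) > MAX_TXT_STRING:
            raise ValueError("string of %d bytes exceeds 255" % len(p.encode()))
    return "".join(parts)

def split_for_dns(value, chunk=200):
    """Split a record value into quoted strings of at most `chunk` bytes (note 4)."""
    if not 0 < chunk <= MAX_TXT_STRING:
        raise ValueError("chunk must be between 1 and 255")
    return " ".join('"%s"' % value[i:i + chunk] for i in range(0, len(value), chunk))

def parse_dkim_record(value):
    """Return (tags, key_bytes); raise ValueError if the record is malformed."""
    tags = {}
    for item in filter(str.strip, value.split(";")):
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError("tag without '=': %r" % item)
        tags[name.strip()] = val.strip()
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unexpected version %r" % tags["v"])
    p = "".join(tags.get("p", "").split())  # whitespace inside p= is ignored
    if not p:
        raise ValueError("empty or missing p= (an empty p= marks a revoked key)")
    return tags, base64.b64decode(p, validate=True)

def sample_record():
    # Constructed stand-in sized like a 2048-bit key: 294 arbitrary bytes, not a real key.
    return "v=DKIM1; p=" + base64.b64encode(bytes(i % 251 for i in range(294))).decode()

if __name__ == "__main__":
    zone = split_for_dns(sample_record())
    tags, key = parse_dkim_record(join_txt_strings(zone))
    print(zone.count('"') // 2, "strings;", len(key), "key bytes; v =", tags.get("v"))
```

Paste the record block from DNS_readme.txt into `join_txt_strings` and compare the result with the joined TXT answer returned by the authoritative server to confirm that what was published matches what MDaemon generated.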

