Posted to notifications@james.apache.org by bt...@apache.org on 2021/09/15 02:30:57 UTC

[james-site] branch asf-site updated: Deploy JAMES-3644

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/james-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new a107619  Deploy JAMES-3644
a107619 is described below

commit a10761904de3ea09be2b257d82a39c0c8006bcb2
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Wed Sep 15 09:30:32 2021 +0700

    Deploy JAMES-3644
---
 content/feed.xml                        |   4 +-
 content/howTo/{index.html => dkim.html} | 226 ++++++++++++++++++++------------
 content/howTo/imap-server.html          |  33 ++++-
 content/howTo/index.html                |   7 +
 content/howTo/spf.html                  |   8 +-
 5 files changed, 188 insertions(+), 90 deletions(-)

diff --git a/content/feed.xml b/content/feed.xml
index 8fd2490..e844eb6 100644
--- a/content/feed.xml
+++ b/content/feed.xml
@@ -24,8 +24,8 @@
 </description>
     <link>http://james.apache.org/</link>
     <atom:link href="http://james.apache.org/feed.xml" rel="self" type="application/rss+xml"/>
-    <pubDate>Mon, 13 Sep 2021 10:57:35 +0700</pubDate>
-    <lastBuildDate>Mon, 13 Sep 2021 10:57:35 +0700</lastBuildDate>
+    <pubDate>Wed, 15 Sep 2021 09:29:35 +0700</pubDate>
+    <lastBuildDate>Wed, 15 Sep 2021 09:29:35 +0700</lastBuildDate>
     <generator>Jekyll v4.2.0</generator>
     
       <item>
diff --git a/content/howTo/index.html b/content/howTo/dkim.html
similarity index 56%
copy from content/howTo/index.html
copy to content/howTo/dkim.html
index 3605217..f094611 100644
--- a/content/howTo/index.html
+++ b/content/howTo/dkim.html
@@ -107,96 +107,156 @@
 -->
 
 <!-- Main -->
-  <div id="main">
+<div id="main">
 
     <!-- Introduction -->
-      <section id="intro" class="main special">
-        <div class="">
-          <div class="content">
+    <section id="intro" class="main special">
+      <div class="">
+        <div class="content align-left">
             <header class="major">
-              <h2>James how to's...</h2>
+                <h1><b>What is a DKIM Record?</b></h1>
             </header>
-            <p class="align-left">James can be used for a wide variety of cases. Here is a little list of what you can use it for.<br/>
-              This section explains in detail how to achieve these cool features in a straightforward way.</p>
-
-            <a href="imap-server.html"
-               data-lightbox="james-schema"
-               data-title="Setting up an IMAP server"
-               alt="Setting up an IMAP server"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Setting up an IMAP server<span class="fa fa-long-arrow-right"></span>
-            </a>
-            <a href="spf.html"
-               data-lightbox="james-schema"
-               data-title="Configuring SPF"
-               alt="Configuring SPF"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Configuring &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SPF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="fa fa-long-arrow-right"></span>
-            </a>
-            <a href="deleted-messages-vault.html"
-               data-lightbox="james-schema"
-               data-title="Deleted Messages Vault"
-               alt="Deleted Messages Vault"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Deleted Messages Vault<span class="fa fa-long-arrow-right"></span>
-            </a>
+
+            <p>
+              DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.                   
+            </p>
+
+            <p>
+              It uses public-key cryptography to sign email with a private key as it leaves a sending server. 
+              Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. 
+            </p>
+
+            <p>
+              Once the signature is verified with the public key by the recipient server, the message passes the DKIM check and is considered authentic.
+            </p>
+
+            <p>
+              The process of setting up DKIM can be split into the following steps:
+            </p>
+
+            <ul>
+                <li>Choose a DKIM selector.</li>
+                <li>Generate a public-private key pair.</li>
+                <li>Publish the selector and public key by creating a DKIM TXT record.</li>
+                <li>Attach the token to each outgoing email.</li>
+            </ul>
+
+            <p>
+              Before we begin, you might wonder what is a DKIM selector?
+            </p>
+            <p>
+              In short, a selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field. 
+              A selector can be anything you want, such as a word, number, or a string of letters and numbers.
+          </p>
+          <p>
+            For example, if you choose <code>james3</code> for your selector, the DKIM record name would become <code>james3._domainkey</code>
+          </p>
+
 
             <header class="major">
-              <h2>Customize James</h2>
+                <h1><b>Generate RSA Key Pair for DKIM</b></h1>
             </header>
-            <p class="align-left">This section will show you how to modify James to use it in your purpose, and embed your own code.</p>
-            <a href="mail-processing.html"
-               data-lightbox="james-schema"
-               data-title="Customized mail processing"
-               alt="Customized mail processing"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Customized mail processing<span class="fa fa-long-arrow-right"></span>
-            </a>
-            <a href="custom-listeners.html"
-               data-lightbox="james-schema"
-               data-title="Configure Custom Listeners"
-               alt="Configure Custom Listeners"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Configure Custom Listeners<span class="fa fa-long-arrow-right"></span>
-            </a>
-            <a href="custom-smtp-hooks.html"
-               data-lightbox="james-schema"
-               data-title="Configure Custom SMTP hooks"
-               alt="Configure Custom SMTP hooks"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Configure Custom SMTP hooks<span class="fa fa-long-arrow-right"></span>
-            </a>
-            <br/>
-            <a href="custom-smtp-commands.html"
-               data-lightbox="james-schema"
-               data-title="Configure Custom SMTP commands"
-               alt="Configure Custom SMTP commands"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Configure Custom SMTP commands<span class="fa fa-long-arrow-right"></span>
-            </a>
-            <a href="custom-webadmin-routes.html"
-               data-lightbox="james-schema"
-               data-title="Configure Custom WebAdmin routes"
-               alt="Configure Custom WebAdmin routes"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Configure Custom WebAdmin routes<span class="fa fa-long-arrow-right"></span>
-            </a>
-            <a href="custom-james-assembly.html"
-               data-lightbox="james-schema"
-               data-title="Write Custom James server assembly"
-               alt="Write Custom James server assembly"
-               class="james-schema" >
-              <span class="fa fa-sitemap"></span>Write Custom James server assembly<span class="fa fa-long-arrow-right"></span>
-            </a>
-
-            <br/>
-            <br/>
-
-          </div>
-        </div>
-      </section>
-
-  </div>
+
+            <p>
+              You can use tools such as <code>openssl</code> or <code>ssh-keygen</code> to generate RSA keys.
+            </p>
+            <p>
+             Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with your DNS provider and see what length of DKIM key is supported because they need to match.
+            </p>
+            <p>Generate a 1024 bit RSA Key:</p>    
+            <code>$ openssl genrsa -out private.pem 1024</code>
+
+            <p>Export the RSA Public Key to a file:</p>
+            <code>$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem</code>
+            <p>Both generated files are base64-encoded encryption keys in plain text format:</p>
+
+            <pre><code>-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----</code></pre>
+            <pre><code>
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ
+4opSwJwxani/5Ii5VbqMQRfoedUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6
+bqfak3XGHGu4s0rAXRM6Y3usgy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+t
+pO5H1Kc+9MBTMm7qnQIDAQAB
+-----END PUBLIC KEY-----
+           </code></pre>
+
+           <p>Beside above steps, online tools such as <a href="https://www.sparkpost.com/resources/tools/dkim-wizard/">DKIM Wizard</a> can help you easily create a public and private key pair to be used for DomainKeys and DKIM signing. </p>
+
+           
+           <header class="major">
+            <h1><b>Create DKIM TXT record</b></h1>
+          </header>
+            <p>Log in your Domain Control Panel and create a TXT Record:</p>
+
+        <pre><code>Record Type: TXT Record
+Host Name: james3._domainkey
+Text: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]
+</code></pre>
+
+<h1><b>Configure DKIMSign mailet</b></h1>
+
+<p>Lastly, you need to add a maillet to the <code>mailetcontainer.xml</code> in the /conf file of Apache James.</p>
+
+
+
+<pre><code>[...]
+&lt;processors>
+  &lt;processor state="relay" enableJmx="true">
+    &lt;mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign"&gt;
+      &lt;signatureTemplate>v=1; s=james3; d=domain.example.com ; h=from : reply-to : subject : date : to : cc : resent-date : resent-from : resent-sender : resent-to : resent-cc : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; a=rsa-sha256; bh=; b=;&lt;/signatureTemplate&gt;
+      &lt;privateKey>
+      -----BEGIN RSA PRIVATE KEY-----
+      [Your Private Key]
+      -----END RSA PRIVATE KEY-----
+      &lt;/privateKey&gt;
+    &lt;mailet&gt;
+  &lt;/processor&gt;
+&lt;/processor&gt;
+[...]</code></pre>
+
+<h1><b>Verifying DKIM Record</b></h1>
+<p>To query the DKIM key, you will have to know the DKIM selector:</p>
+
+<pre><code>$ dig txt james3._domainkey.domain.example.com
+; <<>> DiG 9.16.1-Ubuntu <<>> txt james3._domainkey.domain.example.com
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39673
+;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;james3._domainkey.domain.example.com IN TXT
+
+;; ANSWER SECTION:
+james3._domainkey.domain.example.com. 0 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]"
+[...]</code></pre>
+</div>
+
+
+
+</div>
+<footer class="major">
+<ul class="actions align-center">
+    <li><a href="index.html" class="button">go back to other how-tos</a></li>
+</ul>
+</footer>
+</section>
+</div>
 
 
 
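Review bot: The key-size paragraph and the `openssl genrsa -out private.pem 1024` command present a 1024-bit key as "still the standard". RFC 8301 makes 1024 bits the minimum and says signers SHOULD use at least 2048 bits, so the how-to should generate a 2048-bit key by default and mention 1024 only as a fallback for DNS providers that cannot store the longer TXT value. In the DKIMSign example the mailet is closed with `&lt;mailet&gt;` instead of `&lt;/mailet&gt;`, and the block ends with `&lt;/processor&gt;` twice although it opened with `&lt;processors>`, so the snippet is not well-formed XML when copied into `mailetcontainer.xml`. The dig output inside `<pre><code>` contains raw `<<>>` and `->>HEADER<<-`, which should be escaped as `&lt;` and `&gt;` like the XML sample. The page also prints a `-----BEGIN RSA PRIVATE KEY-----` block next to a complete public key; a placeholder body, as already used in the mailet sample (`[Your Private Key]`), avoids anyone reusing a published key. Minor: "maillet" should be "mailet", and "the /conf file" should be "the conf directory".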
diff --git a/content/howTo/imap-server.html b/content/howTo/imap-server.html
index 95bc4da..d5d979f 100644
--- a/content/howTo/imap-server.html
+++ b/content/howTo/imap-server.html
@@ -123,7 +123,7 @@
                 </p>
 
                 <ul>
-                    <li>DNS creation and MX record</li>
+                    <li>DNS resolution and essential DNS records for mail delivery</li>
                     <li>Server components description</li>
                     <li>Generation of a custom keystore</li>
                     <li>Starting James</li>
@@ -140,6 +140,15 @@
                 </header>
 
                 <p>
+                    For a public facing mail server to send and receive mail properly, 
+                    it is necessary to configure your public DNS records so that other mailservers can find and send mail to your users, 
+                    and for other mailservers to trust and receive your mail.
+                </p>
+                <header class="major">
+                    <h2><b>MX Record</b></h2>
+                </header>
+
+                <p>
                     Someone willing to send you an email will first have to discover which IP your mail server has.
                     The way this is achieved is through MX (means Mail eXchange) DNS record.
                 </p>
@@ -155,8 +164,28 @@
                     <li>...and can establish a connection to <code>mx.company.com</code> to send an email to Alice</li>
                 </ol>
 
-                <p>All is needed is a MX entry in domain name resolution pointing to the future IP of your James server.</p>
+                <p>All you need is to create a MX Record in your Domain Control Panel and point it to the IP of your James server.</p>
+
+                <header class="major">
+                    <h2><b>PTR Record</b></h2>
+                </header>
+
+                <p>
+                    So you want to send an email to friends in another domain. 
+                    Their mailserver will not trust mail coming from your server unless they can do a reverse DNS lookup.
+                </p>
+
+                <p>That is what PTR Record do - A reverse lookup which maps the mailserver IP address to domain name.</p>
+                <p>PTR Record can only be created by your ISP - So don't hesitate to ask them to create it for you.</p>
+                
+                <p>
+                    For Security and Spam Protection, please check our other documents <a href="spf.html">SPF Record</a> and  <a href="dkim.html">DKIM Record</a>. 
+                </p>
 
+                <p>
+                    For testing and checking vulnerabilities, send an email to <a href="https://www.mail-tester.com/">mail-tester</a>. 
+                    It's a free tool that analyze your message, mail server, sending IP... and show you a detailed report of what's configured properly and what's not.
+                </p>
                 <header class="major">
                     <h2><b>JAMES architecture</b></h2>
                 </header>
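Review bot: The rewritten MX sentence (`create a MX Record in your Domain Control Panel and point it to the IP of your James server`) tells readers to point the MX record at an IP address, but an MX record's target is a host name, as the context line above shows with `mx.company.com`. Suggest wording such as "create an MX record pointing to your mail host name, and an A record for that name pointing to the IP of your James server". In the PTR paragraphs, "what PTR Record do" should be "what a PTR record does", and "can only be created by your ISP" is more accurate as "by whoever controls the IP address, usually your ISP or hosting provider". In the mail-tester paragraph, "analyze" and "show" should be "analyzes" and "shows".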
diff --git a/content/howTo/index.html b/content/howTo/index.html
index 3605217..d987a5c 100644
--- a/content/howTo/index.html
+++ b/content/howTo/index.html
@@ -133,6 +133,13 @@
                class="james-schema" >
               <span class="fa fa-sitemap"></span>Configuring &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SPF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="fa fa-long-arrow-right"></span>
             </a>
+            <a href="dkim.html"
+               data-lightbox="james-schema"
+               data-title="Configuring DKIM"
+               alt="Configuring DKIM"
+               class="james-schema" >
+              <span class="fa fa-sitemap"></span>Configuring &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DKIM&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="fa fa-long-arrow-right"></span>
+            </a>            
             <a href="deleted-messages-vault.html"
                data-lightbox="james-schema"
                data-title="Deleted Messages Vault"
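Review bot: The added `</a>` line carries trailing whitespace, and the label pads "DKIM" with runs of `&nbsp;` copied from the SPF entry. Strip the trailing spaces and consider sizing the buttons in CSS instead of with non-breaking spaces. `alt` is also not a valid attribute on `<a>`; `title` or `aria-label` would carry the same text.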
diff --git a/content/howTo/spf.html b/content/howTo/spf.html
index 54b59b8..4733a3f 100644
--- a/content/howTo/spf.html
+++ b/content/howTo/spf.html
@@ -236,15 +236,17 @@
 &lt;/processor&gt;
 
 [...]</code></pre>
-
+<p>
+  Finished configuring SPF ? Go check our guide for  <a href="dkim.html">configuring DKIM Record</a>.
+</p>
             </div>
             <footer class="major">
                 <ul class="actions align-center">
-                    <li><a href="index.html" class="button">go back to other how-tos</a></li>
+                    <li><a href="index.html" class="button">go back to other how-adasdasdetos</a></li>
                 </ul>
             </footer>
         </div>
-    </section>
+
 
 </div>
 
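Review bot: The footer button label now reads `go back to other how-adasdasdetos`, which looks like stray keystrokes and should be reverted to `go back to other how-tos`. The last change in the hunk also replaces `</section>` with a blank line, so the section is no longer closed in the visible lines; restore the closing tag. In the new paragraph, drop the space before `?` and the double space before the link.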
