{"id":2197,"date":"2025-05-29T17:17:28","date_gmt":"2025-05-29T09:17:28","guid":{"rendered":"http:\/\/blog.infinity.idv.tw\/?p=2197"},"modified":"2025-05-29T17:19:28","modified_gmt":"2025-05-29T09:19:28","slug":"%e5%a6%82%e6%9e%9c-mailscanner-%e5%9c%a8-dkim-%e9%a9%97%e8%ad%89%e5%be%8c%e4%bb%8d%e7%84%b6%e6%a8%99%e8%a8%98%e9%83%b5%e4%bb%b6%e7%82%ba-%e9%87%a3%e9%ad%9a%e8%a9%90%e9%a8%99-phishing-fraud%ef%bc%8c","status":"publish","type":"post","link":"http:\/\/blog.infinity.idv.tw\/?p=2197","title":{"rendered":"\u5982\u679c MailScanner \u5728 DKIM \u9a57\u8b49\u5f8c\u4ecd\u7136\u6a19\u8a18\u90f5\u4ef6\u70ba \u91e3\u9b5a\u8a50\u9a19 (Phishing Fraud)\uff0c\u5c31\u6703\u51fa\u73feDKIM\u9a57\u8b49\u932f\u8aa4"},"content":{"rendered":"<p><font size=\"4\">DKIM\u51fa\u73fe\u7684\u932f\u8aa4\u53ef\u80fd\u662f\u90f5\u4ef6\u6b77\u7a0b\u5167\u7684 dkim=fail reason=&quot;signature verification failed&quot;<\/font><\/p>\n<p><font size=\"4\">\u6216\u662f\u7b2c\u4e09\u65b9\u9a57\u8b49DKIM\u7684dkim=fail body has been altered     <\/p>\n<p>\u5982\u679c MailScanner \u5728 DKIM \u9a57\u8b49\u5f8c\u4ecd\u7136\u6a19\u8a18\u90f5\u4ef6\u70ba <strong>\u91e3\u9b5a\u8a50\u9a19 (Phishing Fraud)<\/strong>\uff0c\u53ef\u80fd\u662f\u56e0\u70ba MailScanner \u4ecd\u5728\u6aa2\u67e5\u90f5\u4ef6\u5167\u5bb9\u4e2d\u7684 URL \u6216\u767c\u4ef6\u4eba\u5730\u5740\u3002\u9019\u53ef\u80fd\u5c0e\u81f4\u8aa4\u5224\uff0c\u5373\u4f7f DKIM \u7c3d\u540d\u5df2\u9a57\u8b49\u6210\u529f\u3002<\/font><\/p>\n<h5><font size=\"4\">\u89e3\u6c7a\u65b9\u6848\uff1a<\/font><\/h5>\n<ol>\n<li>\n<p><strong><font size=\"4\">\u95dc\u9589\u91e3\u9b5a\u8a50\u9a19\u6aa2\u6e2c<\/font><\/strong><\/p>\n<ul>\n<li>\n<p><font size=\"4\">\u7de8\u8f2f MailScanner \u8a2d\u5b9a\u6a94\uff1a<\/font><\/p>\n<pre><code><font size=\"4\">sudo nano \/etc\/MailScanner\/MailScanner.conf\n<\/font><\/code><\/pre>\n<\/li>\n<li>\n<p><font size=\"4\">\u627e\u5230\uff1a<\/font><\/p>\n<pre><code><font size=\"4\">Find Phishing Fraud = yes\n<\/font><\/code><\/pre>\n<\/li>\n<li>\n<p><font size=\"4\">\u4fee\u6539\u70ba\uff1a<\/font><\/p>\n<pre><code><font size=\"4\">Find Phishing Fraud = no\n<\/font><\/code><\/pre>\n<\/li>\n<li>\n<p><font size=\"4\">\u5132\u5b58\u4e26\u91cd\u65b0\u555f\u52d5 MailScanner\uff1a<\/font><\/p>\n<pre><code><font size=\"4\">sudo systemctl restart MailScanner\n<\/font><\/code><\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong><font size=\"4\">\u6392\u9664\u7279\u5b9a\u7db2\u57df<\/font><\/strong><\/p>\n<ul>\n<li>\n<p><font size=\"4\">\u5982\u679c\u4f60\u5e0c\u671b MailScanner \u5ffd\u7565\u67d0\u4e9b\u7db2\u57df\u7684\u91e3\u9b5a\u6aa2\u6e2c\uff1a<\/font><\/p>\n<pre><code><font size=\"4\">sudo nano \/etc\/MailScanner\/phishing.safe.sites.conf\n<\/font><\/code><\/pre>\n<\/li>\n<li>\n<p><font size=\"4\">\u6dfb\u52a0\u53ef\u4fe1\u7db2\u57df\uff0c\u4f8b\u5982\uff1a<\/font><\/p>\n<pre><code><font size=\"4\">example.com\ntrusted-site.com\n<\/font><\/code><\/pre>\n<\/li>\n<li>\n<p><font size=\"4\">\u5132\u5b58\u4e26\u91cd\u65b0\u555f\u52d5 MailScanner\u3002<\/font><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong><font size=\"4\">\u6aa2\u67e5 DKIM \u8a2d\u5b9a<\/font><\/strong><\/p>\n<ul>\n<li>\n<p><font size=\"4\">\u78ba\u4fdd DKIM \u7c3d\u540d\u5df2\u6b63\u78ba\u9a57\u8b49\uff1a<\/font><\/p>\n<pre><code><font size=\"4\">sudo opendkim-testkey -d example.com -s default -vvv\n<\/font><\/code><\/pre>\n<\/li>\n<li>\n<p><font size=\"4\">\u78ba\u4fdd SPF \u548c DMARC \u8a18\u9304\u6b63\u78ba\uff0c\u4ee5\u907f\u514d\u984d\u5916\u7684\u90f5\u4ef6\u9a57\u8b49\u554f\u984c\u3002<\/font><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><font size=\"4\">\u4f60\u53ef\u4ee5\u53c3\u8003\u9019\u7bc7\u6307\u5357 \u6216MailScanner \u8a0e\u8ad6 \u4f86\u7372\u53d6\u66f4\u591a\u8a73\u7d30\u8cc7\u8a0a\u3002\u5982\u679c\u554f\u984c\u4ecd\u7136\u5b58\u5728\uff0c\u8acb\u63d0\u4f9b\u932f\u8aa4\u8a0a\u606f\uff0c\u6211\u53ef\u4ee5\u5e6b\u4f60\u5206\u6790\uff01<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DKIM\u51fa\u73fe\u7684\u932f\u8aa4\u53ef\u80fd\u662f\u90f5\u4ef6\u6b77\u7a0b\u5167\u7684 dkim=fail reason=&quot;signature verification failed&quot;<\/p>\n<p>\u6216\u662f\u7b2c\u4e09\u65b9\u9a57\u8b49DKIM\u7684dkim=fail body has been altered     <\/p>\n<p>\u5982\u679c MailScanner \u5728 DKIM \u9a57\u8b49\u5f8c\u4ecd\u7136\u6a19\u8a18\u90f5\u4ef6\u70ba \u91e3\u9b5a\u8a50\u9a19 (Phishing Fraud)\uff0c\u53ef\u80fd\u662f\u56e0\u70ba MailScanner \u4ecd\u5728\u6aa2\u67e5\u90f5\u4ef6\u5167\u5bb9\u4e2d\u7684 URL \u6216\u767c\u4ef6\u4eba\u5730\u5740\u3002\u9019\u53ef\u80fd\u5c0e\u81f4\u8aa4\u5224\uff0c\u5373\u4f7f DKIM \u7c3d\u540d\u5df2\u9a57\u8b49\u6210\u529f\u3002<\/p>\n<p>\u89e3\u6c7a\u65b9\u6848\uff1a<\/p>\n<p>\u95dc\u9589\u91e3\u9b5a\u8a50\u9a19\u6aa2\u6e2c<\/p>\n<p>\u7de8\u8f2f MailScanner \u8a2d\u5b9a\u6a94\uff1a<\/p>\n<p>sudo nano \/etc\/MailScanner\/MailScanner.conf<\/p>\n<p>\u627e\u5230\uff1a<\/p>\n<p>Find Phishing Fraud = yes<\/p>\n<p>\u4fee\u6539\u70ba\uff1a<\/p>\n<p>Find Phishing Fraud = no<\/p>\n<p>\u5132\u5b58\u4e26\u91cd\u65b0\u555f\u52d5 MailScanner\uff1a<\/p>\n<p>sudo systemctl restart MailScanner<\/p>\n<p>\u6392\u9664\u7279\u5b9a\u7db2\u57df<\/p>\n<p>\u5982\u679c\u4f60\u5e0c\u671b MailScanner \u5ffd\u7565\u67d0\u4e9b\u7db2\u57df\u7684\u91e3\u9b5a\u6aa2\u6e2c\uff1a<\/p>\n<p>sudo nano \/etc\/MailScanner\/phishing.safe.sites.conf<\/p>\n<p>\u6dfb\u52a0\u53ef\u4fe1\u7db2\u57df\uff0c\u4f8b\u5982\uff1a<\/p>\n<p>example.com<br \/>\ntrusted-site.com<\/p>\n<p>\u5132\u5b58\u4e26\u91cd\u65b0\u555f\u52d5 MailScanner\u3002<\/p>\n<p>\u6aa2\u67e5 DKIM \u8a2d\u5b9a<\/p>\n<p>\u78ba\u4fdd DKIM \u7c3d\u540d\u5df2\u6b63\u78ba\u9a57\u8b49\uff1a<\/p>\n<p>sudo opendkim-testkey -d example.com [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,14,255,520],"tags":[845,846,541],"_links":{"self":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/2197"}],"collection":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2197"}],"version-history":[{"count":1,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/2197\/revisions"}],"predecessor-version":[{"id":2198,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/2197\/revisions\/2198"}],"wp:attachment":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2197"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}