Rspamd
  1. Instale o redis e o rspamd:
    yum install epel-release
    cd /etc/yum.repos.d/
    wget -c https://rspamd.com/rpm-stable/centos-7/rspamd.repo
    yum update
    yum install redis rspamd
  2. Edite o arquivo /etc/redis.conf:
    bind 127.0.0.1
    maxmemory 500mb
    maxmemory-policy volatile-ttl
  3. Habilite e inicie o serviço redis:
    systemctl enable redis
    systemctl start redis
  4. Opcional -- edite os arquivos /etc/rspamd/local.d/worker-proxy.inc e /etc/rspamd/local.d/worker-normal.inc:
    • Arquivo /etc/rspamd/local.d/worker-proxy.inc:
      bind_socket = "*:11332";
    • Arquivo /etc/rspamd/local.d/worker-normal.inc:
      bind_socket = "*:11333";
  5. Habilite e inicie o serviço rspamd:
    systemctl enable rspamd
    systemctl start rspamd

DKIM:

  1. Edite o arquivo /etc/rspamd/local.d/dkim_signing.conf:
    allow_username_mismatch = true;
    domain {
      empresa.com.br {
        selectors [
          { # Private key path
            path = "/etc/rspamd/keys/empresa.com.br/mail.private";
            # Selector
            selector = "mail";
          }
        ]
      }
    }
  2. Crie o diretório /etc/rspamd/keys/empresa.com.br:
    mkdir -p /etc/rspamd/keys/empresa.com.br
  3. Crie o arquivo /etc/rspamd/keys/empresa.com.br/mail.private:
    cd /etc/rspamd/keys/empresa.com.br
    rspamadm dkim_keygen -s 'mail' -d empresa.com.br
    A saída do comando rspamadm dkim_keygen deve ser parecida com a seguinte:
    -----BEGIN PRIVATE KEY-----
    MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALGpV3MLDYla81E0
    wBoYWi6fDdRawv9CAWdVPvYY3hS08VRWce1aYAqhPpCqE/scPXZbJ2MbUE+/NzTM
    m0M6UnME61lG+TS24Qhu9RHQRPaHfjtFT1PNMBuw4S4OpVZOrk/U7Q8WZ7zxeJYG
    9JoklzKRK6KJZs5YwTU2BXQZ6GlrAgMBAAECgYBbRZl0s/f3We9pB8WtYldqXjJX
    p21IgBuCf8wB2JK3ZqIY5vROsUBoFaCz53yuZDq7RGc+xjiDT8RH7tnRNvRF4cM2
    NBS19DU3luo8+0h2EUuZ9aJBqAY4gGMYVQZj3H55nQLp35eBtyBk+jH3Ex9DHYgm
    lsugMq8d9sD2D4o+2QJBANwj2PaVj8puib3tgYD492t7pmyzRvoef12k5MTMp8dT
    +4fYwK49FuGgUnrlPuyj/7Hlcwzg2Cpr0emNHMEjbE8CQQDOmhQdbJATXD298vd/
    5Qc1e+4nfllQGb/7Ceppcsn8UFxCGJCozO0qFVlbXEVGPexntUkznrQJT15fZzg8
    v54lAkAICp8wUsJP6L3LXFOwvGd9W6T2r43WMSsB5rYcokU2uNClY7uWIdEmKM8a
    gilMR6ldfD45qDT9R7cBSxBT1dFtAkEAxHXgCtrhZoegbrBMimHPqRxgK04KwBC8
    bovPTNbLHBOOp4uUg+/a1tnWTvo/JbxcwYGySlPv/6ppo28UGzBbwQJBALfus80q
    S1ZCDfc0QhbALKA36ZwW+xRhKQO0bqyXhYmIDn/8MXUV5cOVYWWnADQvOUYRp1OU
    zj7x4cvRsxMIhi8=
    -----END PRIVATE KEY-----
    mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
            "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxqVdzCw2JWvNRNMAaGFounw3UWsL/QgFnVT72GN4UtPFUVnHtWmAKoT6QqhP7HD12WydjG1BPvzc0zJtDOlJzBOtZRvk0tuEIbvUR0ET2h347RU9TzTAbsOEuDqVWTq5P1O0PFme88XiWBvSaJJcykSuiiWbOWME1NgV0GehpawIDAQAB" ) ;
    Copie a parte da saída do comando rspamadm dkim_keygen seguinte e cole no novo arquivo /etc/rspamd/keys/empresa.com.br/mail.private:
    -----BEGIN PRIVATE KEY-----
    MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALGpV3MLDYla81E0
    wBoYWi6fDdRawv9CAWdVPvYY3hS08VRWce1aYAqhPpCqE/scPXZbJ2MbUE+/NzTM
    m0M6UnME61lG+TS24Qhu9RHQRPaHfjtFT1PNMBuw4S4OpVZOrk/U7Q8WZ7zxeJYG
    9JoklzKRK6KJZs5YwTU2BXQZ6GlrAgMBAAECgYBbRZl0s/f3We9pB8WtYldqXjJX
    p21IgBuCf8wB2JK3ZqIY5vROsUBoFaCz53yuZDq7RGc+xjiDT8RH7tnRNvRF4cM2
    NBS19DU3luo8+0h2EUuZ9aJBqAY4gGMYVQZj3H55nQLp35eBtyBk+jH3Ex9DHYgm
    lsugMq8d9sD2D4o+2QJBANwj2PaVj8puib3tgYD492t7pmyzRvoef12k5MTMp8dT
    +4fYwK49FuGgUnrlPuyj/7Hlcwzg2Cpr0emNHMEjbE8CQQDOmhQdbJATXD298vd/
    5Qc1e+4nfllQGb/7Ceppcsn8UFxCGJCozO0qFVlbXEVGPexntUkznrQJT15fZzg8
    v54lAkAICp8wUsJP6L3LXFOwvGd9W6T2r43WMSsB5rYcokU2uNClY7uWIdEmKM8a
    gilMR6ldfD45qDT9R7cBSxBT1dFtAkEAxHXgCtrhZoegbrBMimHPqRxgK04KwBC8
    bovPTNbLHBOOp4uUg+/a1tnWTvo/JbxcwYGySlPv/6ppo28UGzBbwQJBALfus80q
    S1ZCDfc0QhbALKA36ZwW+xRhKQO0bqyXhYmIDn/8MXUV5cOVYWWnADQvOUYRp1OU
    zj7x4cvRsxMIhi8=
    -----END PRIVATE KEY-----
  4. No servidor DNS master, copie a parte da saída do comando rspamadm dkim_keygen seguinte e cole no arquivo /var/named/master/empresa.com.br:
    mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
            "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxqVdzCw2JWvNRNMAaGFounw3UWsL/QgFnVT72GN4UtPFUVnHtWmAKoT6QqhP7HD12WydjG1BPvzc0zJtDOlJzBOtZRvk0tuEIbvUR0ET2h347RU9TzTAbsOEuDqVWTq5P1O0PFme88XiWBvSaJJcykSuiiWbOWME1NgV0GehpawIDAQAB" ) ;
  5. No servidor DNS master, reinicie o serviço named:
    systemctl restart named
  6. Reinicie o serviço rspamd:
    systemctl restart rspamd
  7. Edite o arquivo /etc/postfix/main.cf:
    milter_default_action = accept
    smtpd_milters         = inet:127.0.0.1:11332
    non_smtpd_milters     = inet:127.0.0.1:11332
    milter_protocol       = 6
  8. Reinicie o serviço postfix:
    systemctl restart postfix

DMARC:

  1. No servidor DNS master, adicione no arquivo /var/named/master/empresa.com.br:
    _dmarc          IN TXT "v=DMARC1; p=none; pct=100; rua=mailto:dmarc@empresa.com.br; sp=none; aspf=r;"
  2. No servidor DNS master, reinicie o serviço named:
    systemctl restart named
  3. Crie a conta de e-mail dmarc@empresa.com.br.
IP
3.235.179.111