E5 设置 DKIM DMARC
最新版设置exchange online有所变化,记录,便于日后查看。
##DKIM
#有可能要提供winrm服务,启动Windows Remote Management (WS-Management)即可。
winrm get winrm/config/client/auth
查看auth basic 状态为true即可。
#允许脚本指令 需要管理员权限,输入A,全部是。
Set-ExecutionPolicy RemoteSigned
#提供登录管道 用子账户(管理员)登录
$UserCredential = Get-Credential
#运行以下命令连接到Exchange Online:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
#这一步报错了,提示,
New-PSSession : [outlook.office365.com] 连接到远程服务器 outlook.office365.com 失败,并显示以下错误消息: 拒绝访问。 有 关详细信息,请参阅 about_Remote_Troubleshooting 帮助主题。 所在位置 行:1 字符: 12 + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
很显然,没有登录成功。
#如果上一步成功了,就输入
Import-PSSession $Session -DisableNameChecking
#可能需要查看module,
Get-Module
#可能需要安装module,
Import-Module ExchangeOnlineManagement
#产生上面报错,就是连接到exchange online出了问题,因为账户安全原因,需要验证手机短信。所以,需要选择别的验证方式。
Connect-ExchangeOnline -UserPrincipalName admin@ma.ge
弹出登录界面,输入密码,输入短信验证码即可。
#参见链接https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
#运行以下命令以创建选择器目录:
New-DkimSigningConfig -DomainName ma.ge -Enabled $false
# 下面这条命令会给出创建cname的值
Get-DkimSigningConfig -Identity ma.ge | Format-List Selector1CNAME, Selector2CNAME
Selector1CNAME : selector1-ma-ge._domainkey.martinmar.onmicrosoft.com
Selector2CNAME : selector2-ma-ge._domainkey.martinmar.onmicrosoft.com
添加到域名dns CNAME中即可,对应name为 selector1._domainkey selector2._domainkey
视频中的退出指令(断开Powershell与微软的连接)
Remove-PSSession $Session
#两条 CNAME 名称
selector1._domainkey
selector2._domainkey
激活启用DKIM
https://protection.office.com/dkimv2
##DMARC
添加txt
主机记录:_dmarc
记录值:v=DMARC1; p=none; pct=100
v:标示DMARC的版本,值应当始终为DMARC1。
p:用于告知收件方,当检测到某邮件存在伪造我(发件人)的情况,收件方要做出什么处理,处理方式从轻到重依次为:none为不作任何处理;quarantine为将邮件标记为垃圾邮件;reject为拒绝该邮件。一般建议设置为none,即便设置为none对方邮局也会进行合理的操作。
pct:表示域名所有者邮件流中应用DMARC策略的消息百分比,一般设置为100即可
#进行邮件测试,https://www.mail-tester.com/参考链接:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window?view=o365-worldwide
https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
https://blog.csdn.net/iteye_14920/article/details/82581500
https://www.wanghaiqing.com/article/062cbb3a-0f56-4e79-a078-40426cc1e811/
https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
https://qyi.io/archives/739.html
https://eastern.moe/887/
https://docs.microsoft.com/zh-cn/powershell/exchange/disable-access-to-exchange-online-powershell?view=exchange-ps
https://docs.microsoft.com/zh-cn/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide
https://docs.microsoft.com/zh-cn/powershell/exchange/disable-access-to-exchange-online-powershell?view=exchange-ps
https://blog.hanada.info/5369.html
https://syy.hk/archives/1908.html
https://docs.microsoft.com/zh-cn/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide#Publish2CNAME
https://www.huaweicloud.com/articles/8ca2910761cbabd0f484f72376294e59.html
https://www.bilibili.com/video/av543895678/
https://www.hostloc.com/thread-531743-1-1.html
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide