exim and domainkeys on debian



This post is a follow-up to one of my previous posts, which described how you can create a custom exim package on Debian.

In this post I will show you how to compile and configure exim with DomainKeys support. The configuration only signs outgoing emails, but it is easy to make it verify signed messages as well if you read the exim DomainKeys documentation.

To do this, first follow the steps described in my previous post, and between steps 7 and 8 do the following:

  1. install libdomainkeys:
    download from domainkeys.sourceforge.net, extract and make:

     
    tar -xzpf libdomainkeys-0.69.tar.gz
    cd libdomainkeys-0.69
    make
     

    if compilation fails with errors about resolv, do this:

     
    echo  '-lresolv' >  dns.lib
    make
     

    to install just copy the static lib and the header files:

    cp libdomainkeys.a /usr/local/lib
    cp domainkeys.h dktrace.h  /usr/local/include
    

    and then clean up:

     
    rm -rf libdomainkeys-0.69*
     
  2. Configure the exim custom package for domainkeys:
    add domainkeys support to exim makefile:

     
    cat <<EOF > EDITME-exim4-custom
    EXPERIMENTAL_DOMAINKEYS=yes
    CFLAGS  += -I/usr/local/include
    LDFLAGS += /usr/local/lib/libdomainkeys.a
    EOF
     

    And now continue with step 8 in the previous post.

When you're done, all that's left is to edit the exim configuration to enable DomainKeys signing:

Open /etc/exim4/exim4.conf or /etc/exim4/exim4.conf.template in an editor.

Find the remote_smtp transport definition and add the following settings to it:

dk_domain = ${lc:${domain:$h_from:}}
dk_selector = default
dk_private_key = /etc/exim4/dk_keys/${dk_domain}_priv.key

Key management

Create the directory that will hold the keys:

mkdir /etc/exim4/dk_keys

Create the scripts that will generate and show the keys:

 
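cd /etc/exim4/dk_keys
# quote the here-document delimiter so that $0, $1 and $(...) are written
# into the scripts literally instead of being expanded by the current shell
cat <<'EOF' > gen_key.sh
#!/bin/sh
# generate an RSA key pair for the given domain
if [ "$1" = "" ] ; then
	echo "Usage: $0 domain_name";
	exit 1;
fi
openssl genrsa -out "${1}_priv.key" 1024
openssl rsa -in "${1}_priv.key" -pubout -out "${1}_pub.key"
EOF

cat <<'EOF' > cat_key.sh
#!/bin/sh
# print the DNS TXT record for the given domain's public key
domain=$1
p=$(echo $(cat "${domain}_pub.key" )| \
sed -r -e 's/ //g' \
-e 's/-----BEGINPUBLICKEY-----//' \
-e 's/-----ENDPUBLICKEY-----//' )
echo default._domainkey IN TXT "\"k=rsa; t=s; p=$p\""
EOF

chmod +x gen_key.sh cat_key.sh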
 

Generate a key for a new domain:

 
cd /etc/exim4/dk_keys
# generate the keys
./gen_key.sh my_new_domain.tld
# show the DNS record that needs to be set
./cat_key.sh my_new_domain.tld
 

After you set the DNS TXT record, you can test the new setup by sending an email from the newly configured domain to an account at Gmail or Yahoo. In Gmail, view the new message and click on "details"; it should show up as "signed-by: my_new_domain.tld". Yahoo will just show an icon with a key in the message header.
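Before sending the test mail, the published record can be compared with the public key that belongs to the private key exim signs with. The script below is an added example, not part of the original post; the file name check_dk.sh and the function names are hypothetical, and the key material in the demo is constructed filler.

```sh
#!/bin/sh
# Added example, not from the original post. Compares the p= value of a
# DomainKeys TXT record with the *_pub.key file written by gen_key.sh.

# Reduce a PEM public key on stdin to the bare base64 string used in p=.
pem_to_p() {
    grep -v -e '-----' | tr -d ' \t\r\n'
}

# Extract the p= tag from one TXT record value ($1). Strips the quotes and
# joins the separate strings DNS tools print for long records.
txt_to_p() {
    printf '%s\n' "$1" | tr -d '"' | tr ';' '\n' |
        sed -n 's/^[[:space:]]*p=//p' | tr -d ' \t\r\n'
}

# check_dk_record PUBKEY_FILE TXT_VALUE
# Returns 0 on match, 1 on mismatch or missing p=, 2 if the file is unreadable.
check_dk_record() {
    [ -r "$1" ] || { echo "cannot read key file: $1" >&2; return 2; }
    want=$(pem_to_p < "$1")
    got=$(txt_to_p "$2")
    if [ -z "$got" ]; then
        echo "FAIL: record has no usable p= tag" >&2; return 1
    fi
    if [ "$want" != "$got" ]; then
        echo "FAIL: DNS publishes a different key than $1" >&2; return 1
    fi
    echo "OK: record matches $1"
}

# Demo on constructed data: the base64 below is filler, not a real key.
dk_demo() {
    f=$(mktemp) || return 2
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'Q09OU1RSVUNURURTQU1QTEVL' \
        'RVkxMjM0NTY3ODkwQUI=' '-----END PUBLIC KEY-----' > "$f"
    # Record as a DNS tool would print it, split into two quoted strings.
    check_dk_record "$f" '"k=rsa; t=s; p=Q09OU1RSVUNURURTQU1QTEVL" "RVkxMjM0NTY3ODkwQUI="'
    rc=$?
    rm -f "$f"
    return $rc
}

# Real use (record fetched with dig, selector "default" as configured above):
#   ./check_dk.sh my_new_domain.tld_pub.key \
#       "$(dig +short TXT default._domainkey.my_new_domain.tld)"
if [ "$#" -eq 2 ]; then check_dk_record "$1" "$2"; else dk_demo; fi
```

A mismatch here usually means the record was published from a different key pair than the one in /etc/exim4/dk_keys, for example after gen_key.sh was run again for the same domain.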

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License
