exim and domainkeys on debian
This post is a follow-up to one of my previous posts, which described how you can create a custom exim package on debian.
In this post I will show you how to compile and configure exim with domainkeys support. The configuration only covers signing outgoing emails, but it's easy to make it verify signed messages too if you read the exim DomainKeys documentation.
To do this, first follow the steps described in my previous post, and between steps 7 and 8 do the following:
- install libdomainkeys:
download from domainkeys.sourceforge.net, then extract and make:

    tar -xzpf libdomainkeys-0.69.tar.gz
    cd libdomainkeys-0.69
    make

if the build fails with errors about resolv, do this:

    echo '-lresolv' > dns.lib
    make

to install, just copy the static lib and the header files:

    cp libdomainkeys.a /usr/local/lib
    cp domainkeys.h dktrace.h /usr/local/include

and then clean up:

    # leave the build directory first so the glob matches it and the tarball
    cd ..
    rm -rf libdomainkeys-0.69*

- Configure the exim custom package for domainkeys:
add domainkeys support to the exim makefile:

    # append (>>) to the EDITME file created in step 7 so its existing settings are kept
    cat <<EOF >> EDITME.exim4-custom
    EXPERIMENTAL_DOMAINKEYS=yes
    CFLAGS += -I/usr/local/include
    LDFLAGS += /usr/local/lib/libdomainkeys.a
    EOF

And now continue with step 8 in the previous post.
When you're done, all that's left to do is edit the exim configuration to enable domainkeys signing:
open /etc/exim4/exim4.conf or /etc/exim4/exim4.conf.template in an editor
look for the remote_smtp transport definition and add the following configuration to it:
dk_domain = ${lc:${domain:$h_from:}}
dk_selector = default
dk_private_key = /etc/exim4/dk_keys/${dk_domain}_priv.key
Key management
create the directory that will hold the keys :
mkdir /etc/exim4/dk_keys
create the scripts that will generate and show the keys:

    cd /etc/exim4/dk_keys
    # the quoted 'EOF' keeps $1, $0 and $(...) literal so they end up in the scripts
    cat <<'EOF' > gen_key.sh
    #!/bin/sh
    if [ "$1" = "" ] ; then echo "Usage: $0 domain_name"; exit 1; fi
    # 1024-bit RSA key pair (the size used in this howto; current DKIM guidance is 2048 bits)
    openssl genrsa -out "${1}_priv.key" 1024
    openssl rsa -in "${1}_priv.key" -pubout -out "${1}_pub.key"
    EOF
    cat <<'EOF' > cat_key.sh
    #!/bin/sh
    domain=$1
    # join the PEM lines, then strip the spaces and the BEGIN/END markers
    p=$(echo $(cat ${domain}_pub.key )| \
      sed -r -e 's/ //g' \
        -e 's/-----BEGINPUBLICKEY-----//' \
        -e 's/-----ENDPUBLICKEY-----//' )
    echo default._domainkey IN TXT "\"k=rsa; t=s; p=$p\""
    EOF
    chmod +x gen_key.sh cat_key.sh

generate a key for a new domain:

    cd /etc/exim4/dk_keys
    # generate the keys
    ./gen_key.sh my_new_domain.tld
    # show the DNS record that needs to be set
    ./cat_key.sh my_new_domain.tld

After you set the DNS TXT record you can test the new setup by sending an email from the newly configured domain to an account at gmail or yahoo. At gmail, view the new message and click on "details"; it should show up as "signed-by: my_new_domain.tld". Yahoo will just show an icon with a key in the message header.
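Before publishing the record that cat_key.sh prints, it can be checked offline. The Python script below is an added example, not part of the original post: it parses the TXT value, confirms that p= is clean base64 (no PEM marker left behind by the sed step) holding an RSA public key, and reports the key size. The names check_record, SAMPLE and the min_bits threshold are assumptions of this example, and the sample record is constructed around a dummy modulus.

```python
import base64

# Constructed sample (cat_key.sh output format); dummy modulus 2**1023 + 1, not a real key.
SAMPLE = ('"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA'
          + "A" * 168 + 'AQIDAQAB"')

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, body, _ = tlv(spki)                   # outer SEQUENCE
    _, _, nxt = tlv(body)                    # AlgorithmIdentifier, skipped
    tag, bitstr, _ = tlv(body, nxt)          # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("no BIT STRING")
    _, rsa, _ = tlv(bitstr, 1)               # skip the unused-bits byte
    tag, modulus, _ = tlv(rsa)               # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("no modulus INTEGER")
    return int.from_bytes(modulus, "big").bit_length()

def check_record(txt, min_bits=1024):
    """Return (key_bits, problems) for a quoted DomainKeys TXT value."""
    tags = dict(t.strip().split("=", 1)
                for t in txt.strip().strip('"').split(";") if "=" in t)
    problems = []
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    p = tags.get("p", "")
    if "-" in p:                             # leftover -----BEGIN...----- marker
        return None, problems + ["PEM header left in p="]
    try:
        bits = rsa_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError):
        return None, problems + ["p= is not a base64 DER RSA public key"]
    if bits < min_bits:                      # min_bits is an assumed threshold
        problems.append(f"{bits}-bit key is below {min_bits}")
    return bits, problems

if __name__ == "__main__":
    print(check_record(SAMPLE))              # key size that gen_key.sh produces
```

To check a real record, pass the quoted part of the cat_key.sh output to check_record; calling it with min_bits=2048 flags the 1024-bit keys this howto generates.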
debian: building custom exim packages
This is a small howto that explains how to build custom exim4 packages on debian.
It was tested with both exim 4.63 ( on debian etch ) and exim 4.69 ( on debian testing/lenny ) .
I needed to build a custom exim email server that would be built with domainkeys and/or dkim support for signing outgoing messages.
So here are the 12 steps I took to get this done:
- Create a directory named exim where all activity will take place.
- Make sure you have the 'source' URIs in your sources.list file.
If you don't have them, put them in and then run apt-get update
- Install packages required for creating a custom package and building it:

    apt-get install dpatch fakeroot devscripts \
      grep-dctrl debhelper gcc libc6-dev libssl-dev pbuilder

- Install exim4 source package:

    cd exim
    apt-get source exim4

- unpack standard configuration files:

    cd exim4-4.63
    fakeroot debian/rules unpack-configs

- Define the new package name. In this step we just put the new package name in a variable and export it in the environment to make the next steps easier. You can use anything for the package name ( actually it's just a package name suffix ) but I recommend using 'custom' for the package name for one main reason: dependencies. Packages that depend on exim4-daemon-light or exim4-daemon-heavy (like sa-exim, mailx and maybe others ) already accept exim4-daemon-custom as a replacement so with this custom package you're not breaking any dependencies.
Ex:

    export my_pkg_name=custom

- Edit configuration files. There should be 3 EDITME configuration files for exim and one for eximon, one for each package that will be built. Copy one of the exim EDITME files to EDITME.exim4-$your_pkg_name, then edit the new file to set up the new options you want.
Ex:

    cp EDITME.exim4-heavy EDITME.exim4-$my_pkg_name

- pack the configuration files so your new configuration will be saved and used at build time:
fakeroot debian/rules pack-configs
- Create the custom package. This is required only if you use a package name other than 'custom':
sh debian/create-custom-package $my_pkg_name
- Activate the new package in debian/rules. Edit debian/rules and look for the line where the extradaemonpackages variable is defined and add your package name ( exim4-daemon-$my_pkg_name ) to the list of packages defined there.
- Install build dependencies. You can skip this step if this is not the first time you build this package.
/usr/lib/pbuilder/pbuilder-satisfydepends
- Build the packages:
debuild -us -uc
- Install the new package. If you already had some version of the exim4-daemon package installed, you will have to remove it first and then you can install the custom package. The new package will be in the base directory created at step 1.
Ex. (for amd64 etch exim 4.63-17):

    cd ..
    dpkg -i exim4-daemon-${my_pkg_name}_4.63-17_amd64.deb

This process went pretty well for both exim 4.63 and 4.69 on lenny. Exim 4.63 only had experimental support for domainkeys (not dkim), and exim 4.69 on lenny had support for both, but I was only able to build it after applying a small patch to exim to make it work with the latest version of libdkim (1.0.19).
This post was intended to be a general howto about building a custom exim package. I will write more details about actually building exim with domainkeys and/or dkim in a future post.


