Tag Archives: exim

exim and domainkeys on debian

This post is a follow-up to one of my previous posts that described how you can create a custom exim package on debian.

In this post I will show you how to compile and configure exim with domainkeys support. The configuration only signs outgoing emails, but it's easy to make it verify signed messages if you read the exim DomainKeys documentation.

To do this, first follow the steps described in my previous post, and between steps 7 and 8 do these steps:

  1. install libdomainkeys:
    download from: domainkeys.sourceforge.net , extract and make:

    tar -xzpf libdomainkeys-0.69.tar.gz
    cd libdomainkeys-0.69
    make

    if the build fails with errors about resolv do this:

    echo '-lresolv' > dns.lib
    make

    to install just copy the static lib and the header files:

    cp libdomainkeys.a /usr/local/lib
    cp domainkeys.h dktrace.h  /usr/local/include

    and then cleanup :

    cd ..
    rm -rf libdomainkeys-0.69*
  2. Configure the exim custom package for domainkeys:
    add domainkeys support to exim makefile:

    # append (>>) to the EDITME file copied in step 7 of the previous post;
    # EXPERIMENTAL_DOMAINKEYS=yes is the exim build option that compiles in DomainKeys
    cat >> EDITME.exim4-custom <<EOF
    EXPERIMENTAL_DOMAINKEYS=yes
    CFLAGS  += -I/usr/local/include
    LDFLAGS += /usr/local/lib/libdomainkeys.a
    EOF

    And now continue with step 8 in the previous post

When you're done, all that's left to do is edit the exim configuration to enable domainkeys signing:

Open /etc/exim4/exim4.conf or /etc/exim4/exim4.conf.template in an editor.

Find the remote_smtp transport definition and add the following configuration to it:

dk_domain = ${lc:${domain:$h_from:}}
dk_selector = default
dk_private_key = /etc/exim4/dk_keys/${dk_domain}_priv.key

Key management

create the directory that will hold the keys :

mkdir /etc/exim4/dk_keys

create the scripts that will generate and show the keys :

  cd /etc/exim4/dk_keys
  # 'EOF' is quoted so that $0, $1 and $(...) are written to the scripts unexpanded
  cat <<'EOF' > gen_key.sh
  #!/bin/sh
  # generate an RSA key pair for the domain given as first argument
  if [ "$1" = "" ] ; then
  echo "Usage: $0 domain_name";
  exit 1;
  fi
  openssl genrsa -out "$1_priv.key" 1024
  openssl rsa -in "$1_priv.key" -pubout -out "$1_pub.key"
  EOF

  cat <<'EOF' > cat_key.sh
  #!/bin/sh
  # print the DNS TXT record for the domain's public key
  domain=$1
  p=$(echo $(cat ${domain}_pub.key )| \
  sed -r -e 's/ //g' \
  -e 's/-----BEGINPUBLICKEY-----//' \
  -e 's/-----ENDPUBLICKEY-----//' )
  echo default._domainkey IN TXT "\"k=rsa; t=s; p=$p\""
  EOF

  chmod +x gen_key.sh cat_key.sh

generate a key for a new domain:

  cd /etc/exim4/dk_keys
  # generate the keys
  ./gen_key.sh my_new_domain.tld
  # show the DNS record that needs to be set
  ./cat_key.sh my_new_domain.tld

After you set the DNS TXT record you can test the new setup by sending an email from the newly configured domain to a gmail or yahoo account. At gmail, view the new message and click on "details"; it should show up as "signed-by: my_new_domain.tld". Yahoo will just show an icon with a key in the message header.
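
Before sending the test message, it helps to confirm that the p= value in the TXT record really is the public half of the key exim signs with, and that the private key file is not readable by other users. The script below is an added example, not part of the original post; the function names and the throwaway example.test key are constructed here.

```shell
#!/bin/sh
# Added example: check a DomainKeys TXT record against the private key in dk_keys.
# All function names below are made up for this example.

# Base64 body of the public key derived from private key file $1.
pub_b64_from_priv() {
    openssl rsa -in "$1" -pubout 2>/dev/null | grep -v '^-----' | tr -d '\n'
}

# p= tag of TXT record text $1, e.g. "k=rsa; t=s; p=MIGf..."
p_tag_from_txt() {
    printf '%s' "$1" | tr -d '" \t' | tr ';' '\n' | sed -n 's/^p=//p'
}

# True when record $2 publishes the public half of private key file $1.
record_matches_key() {
    want=$(pub_b64_from_priv "$1")
    got=$(p_tag_from_txt "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# True when key file $1 grants nothing to "other" users (mode 600 or 640).
key_perms_ok() {
    perm=$(ls -ld "$1" 2>/dev/null | cut -c8-10)
    [ "$perm" = "---" ]
}

# Constructed self-test: a throwaway key generated the way gen_key.sh does it,
# checked against its own record and against a record with a different p= value.
selftest() {
    dir=$(mktemp -d) || return 1
    key="$dir/example.test_priv.key"
    ( umask 077 && openssl genrsa -out "$key" 1024 2>/dev/null )
    good="default._domainkey IN TXT \"k=rsa; t=s; p=$(pub_b64_from_priv "$key")\""
    bad='default._domainkey IN TXT "k=rsa; t=s; p=AAAA"'
    rc=0
    key_perms_ok "$key" && record_matches_key "$key" "$good" || rc=1
    record_matches_key "$key" "$bad" && rc=1
    rm -rf "$dir"
    return $rc
}

selftest && echo "record matches key, key file is private"
```

For a real domain, pass the `_priv.key` file and the record text as returned by your DNS to `record_matches_key`.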

debian: building custom exim packages

This is a small howto that explains how to build custom exim4 packages on debian.

It was tested with both exim 4.63 ( on debian etch ) and exim 4.69 ( on debian testing/lenny ) .

I needed to build a custom exim email server that would be built with domainkeys and/or dkim support for signing outgoing messages.

So here are the 12 steps I took to get this done:

  1. Create a directory named exim where all activity will take place.
  2. Make sure you have the 'source' URIs in your sources.list file.
    If you don't have them put them in and then run apt-get update
  3. Install packages required for creating a custom package and building it:
    apt-get install dpatch fakeroot devscripts \
    grep-dctrl debhelper gcc libc6-dev libssl-dev pbuilder
  4. Install exim4 source package:
    cd exim
    apt-get source exim4
  5. unpack standard configuration files:
    cd exim4-4.63
    fakeroot debian/rules unpack-configs
  6. Define the new package name. In this step we just put the new package name in a variable and export it in the environment to make the next steps easier. You can use anything for the package name ( actually it's just a package name suffix ) but I recommend using 'custom' for the package name for one main reason: dependencies. Packages that depend on exim4-daemon-light or exim4-daemon-heavy (like sa-exim, mailx and maybe others ) already accept exim4-daemon-custom as a replacement so with this custom package you're not breaking any dependencies.
    export my_pkg_name=custom
  7. Edit configuration files. There should be 3 EDITME configuration files for exim and one for eximon, one for each package that will be built. Copy one of the exim EDITME files to EDITME.exim4-$your_pkg_name then edit the new file to set up the new options you want.
    cp EDITME.exim4-heavy EDITME.exim4-$my_pkg_name
  8. pack the configuration files so your new configuration will be saved and used at build time:
    fakeroot debian/rules pack-configs
  9. Create the custom package. This is required only if you use a package name other than 'custom':
    sh debian/create-custom-package $my_pkg_name
  10. Activate the new package in debian/rules. Edit debian/rules and look for the line where the extradaemonpackages variable is defined and add your package name ( exim4-daemon-$my_pkg_name ) to the list of packages defined there.
  11. Install build dependencies. You can skip this step if this is not the first time you build this package.
    /usr/lib/pbuilder/pbuilder-satisfydepends
  12. Build the packages:
    debuild -us -uc
  13. Install the new package. If you already had some version of the exim4-daemon package installed you will have to remove it first and then you can install the custom package. The new package will be in the base directory created at step 1.
    Ex. (for amd64 etch exim 4.63-17 ) :
    cd ..
    dpkg -i exim4-daemon-${my_pkg_name}_4.63-17_amd64.deb

This process went pretty well for both exim 4.63 and 4.69 on lenny. Exim 4.63 only had experimental support for domainkeys ( not dkim ) and exim 4.69 on lenny had support for both, but I was only able to build it after applying a small patch to exim to make it work with the latest version of libdkim ( 1.0.19 ) .

This post was intended to be a general howto about building a custom exim package. I will write more details about actually building exim with domainkeys and/or dkim in a future post.