Qmail_domain_keys
Installation
Bolded text means you should add the information relevant to your setup.
1) emerge netqmail and set it up
2) emerge openssl
3) emerge libdomainkeys
4) emerge perl
Unfortunately there is no ebuild for qmail-dk so you will need to download the qmail source code and qmail-dk patch to build qmail-dk.
5) cd /usr/local/src/
6) wget http://cr.yp.to/software/qmail-1.03.tar.gz
7) wget http://www.qmail.org/qmail-1.03-dk-0.54.patch
8) tar -zxvf qmail-1.03.tar.gz
9) patch -d qmail-1.03/ < qmail-1.03-dk-0.54.patch
10) cp /usr/include/domainkeys.h /usr/local/src
11) cp /usr/lib/libdomainkeys.a /usr/local/src
12) cd qmail-1.03
13) Edit conf-cc and add the following
cc -O2 -include /usr/include/errno.h
14) Type make
make
The build may fail, but qmail-dk should still have been created, which is all that is needed.
15) cp qmail-dk /var/qmail/bin/
16) chown qmailq /var/qmail/bin/qmail-dk
17) chmod 4711 /var/qmail/bin/qmail-dk
Setting up your RSA key pair
1) mkdir -p /etc/domainkeys/example.com/
2) cd /etc/domainkeys/example.com/
3) openssl genrsa -out rsa.private 768
4) openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
5) mv rsa.private default
6) chown -R qmailq /etc/domainkeys
7) chmod 0600 default
8) Make your public domainkey with the following command
grep -v ^- rsa.public | perl -e 'while(<>){chop;$l.=$_;}print "t=y; p=$l;\n";'
Create a TXT record for your DNS using BIND
1) Edit your /var/bind/example.com.hosts file. The following are two separate lines.
_domainkey.example.com. IN TXT "t=y; o=-"
default._domainkey.example.com. IN TXT "t=y; k=rsa; p=enter your public key from step 8 just above"
Modify /etc/tcprules.d/tcp.qmail-smtp
nano /etc/tcprules.d/tcp.qmail-smtp
Where it says
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
add the following so it looks like this
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",DKSIGN="/etc/domainkeys/example.com/default",QMAILQUEUE="/var/qmail/bin/qmail-dk"
then run
tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
Modify /etc/tcprules.d/tcp.qmail-qmtp
nano /etc/tcprules.d/tcp.qmail-qmtp
Where it says
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
add the following so it looks like this
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",DKSIGN="/etc/domainkeys/example.com/default",QMAILQUEUE="/var/qmail/bin/qmail-dk"
Then run
tcprules /etc/tcprules.d/tcp.qmail-qmtp.cdb /etc/tcprules.d/.tcp.qmail-qmtp.tmp < /etc/tcprules.d/tcp.qmail-qmtp
Restart bind and qmail
/etc/init.d/named restart
/etc/init.d/svscan restart
Testing your new domainkey
You can test your new domainkey at these two websites.
1) http://senderid.espcoalition.org/
2) http://domainkeys.sourceforge.net/policycheck.html
Conclusion
Once you have everything working and the tests pass, you can remove the following from your /var/bind/example.com.hosts file
t=y;
The t=y; means that your domain is in testing mode. After you remove it, remember to restart bind.
/etc/init.d/named restart
Also be aware that your key may not work right away. You have to wait for your DNS information to propagate around the world.
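A local check to run before and after removing t=y, added here as an example and not part of the original article: it compares the p= value of a selector record with the base64 body of rsa.public and reports whether the record is still in testing mode. The function names (pem_to_p, txt_tag, check_selector, report, demo) are hypothetical, and the sample key text is a constructed placeholder.

```sh
#!/bin/sh
# Added example: compare a published DomainKeys selector record with rsa.public.

# Base64 body of a PEM file: drop the BEGIN/END lines and join the rest.
pem_to_p() {
    grep -v '^-' "$1" | tr -d ' \r\n'
}

# Value of one tag (t, k, p, ...) from record text such as "t=y; k=rsa; p=...".
txt_tag() {
    printf '%s\n' "$1" | tr -d '"' | tr ';' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        sed -n "s/^$2=//p" | head -n 1
}

# Exit status: 0 = p= matches the key file and the record is live,
#              1 = p= differs from the key file (stale or mistyped record),
#              2 = p= matches but t=y (testing mode) is still set,
#              3 = text exceeds 255 bytes, the limit for one quoted TXT string.
check_selector() {
    record=$(printf '%s' "$1" | tr -d '"')
    [ "${#record}" -le 255 ] || return 3
    [ "$(txt_tag "$record" p)" = "$(pem_to_p "$2")" ] || return 1
    [ "$(txt_tag "$record" t)" != "y" ] || return 2
    return 0
}

# Print the status for one record without tripping `set -e` on non-zero results.
report() {
    rc=0
    check_selector "$2" "$3" || rc=$?
    echo "$1: $rc"
}

# Constructed sample data: placeholder base64, not a real key.
demo() {
    pem=$(mktemp)
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'Q09OU1RSVUNURUQtU0FNUExF' \
        'LU5PVC1BLVJFQUwtS0VZ' '-----END PUBLIC KEY-----' > "$pem"
    p=$(pem_to_p "$pem")
    report "testing record" "t=y; k=rsa; p=$p" "$pem"    # 2
    report "live record" "k=rsa; p=$p" "$pem"            # 0
    report "stale record" "k=rsa; p=${p}X" "$pem"        # 1
    rm -f "$pem"
}
demo
```

Against a real setup, pass the quoted text of the default._domainkey record and the path /etc/domainkeys/example.com/rsa.public to check_selector.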

