Wednesday, March 19, 2008

DKIM Wrapper that works for using dk with qmail

The qmail-dk patch was not working on my qmail setup; there were some strange errors and it didn't sign an iota of the mail going out of the server (and I lost 2 days with it).

Please read steps 4-5-6 for creating the keys; the rest is just informative:
http://jeremy.kister.net/howto/dk.html

So now I use this Perl + bash script that works:

DKIM Wrapper

To sign all outbound messages with a DKIM and/or DomainKey, there are many alternatives. One is Russ Nelson's qmail-dk. While popular, it only handles DomainKeys, and doesn't sign all outbound messages, merely all *inbound* messages (that may then become outbound). Thus, things like bounce-messages cannot be signed, because they don't go through the usual qmail-smtpd/qmail-inject filters. Another way around this is to use a script wrapper around qmail-remote, like this. All you need to do is move the real qmail-remote to qmail-remote.orig and put that script in as qmail-remote (make sure it's readable and executable by everyone). The script uses two programs to do its job: the dktest program that comes with libdomainkeys and dkimsign.pl that comes with Perl's Mail::DKIM module. If you're interested in verifying DKIM and DomainKey signatures, a similar script that can be used in much the same way as Russ Nelson's program is here.

$ cd /usr/local/src/libdomainkeys-0.68
$ make
$ sudo cp dktest /usr/local/bin/
$ sudo cp dnstest /usr/local/bin/
$ sudo cp dknewkey /usr/local/bin/
$ sudo cp expected /usr/local/bin/
$ sudo cp makeheader /usr/local/bin/
$ cd ..
$ wget http://www.memoryhole.net/qmail/qmail-remote.sh
I have modified the relevant paths in the script:
$ vi qmail-remote.sh

$ wget http://search.cpan.org/CPAN/authors/id/J/JA/JASLONG/Mail-DKIM-0.30.1.tar.gz
and installed the required CPAN modules with
$ sudo cpan
$ tar -zxvf Mail-DKIM-0.30.1.tar.gz
$ cd Mail-DKIM-0.30.1
$ perl Makefile.PL
$ make && sudo make install
$ cd script
$ sudo mv * /usr/local/bin/
$ cd /var/qmail/bin
$ sudo mv qmail-remote qmail-remote.orig
$ sudo cp /usr/local/src/qmail-remote.sh qmail-remote
$ sudo chmod +x qmail-remote
$ sudo chown root:qmail qmail-remote
$ sudo qmailctl restart

Modify the fixed private.key path in /usr/local/bin/dkimsign.pl to be the full path to your private key:
/etc/domainkeys/example.com/default

Send emails and watch the headers:
$ tail -f -n 500 /var/log/qmail/current

Now you should modify the DNS; here are some tips:


http://wiki.qmailtoaster.com/index.php/Domainkeys
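
An added example (not part of the original post or of the linked howtos): a shell check for the two things this setup depends on once the steps above are done, the private key's file mode and the TXT record to publish. The selector `default` and domain `example.com` follow the key path used above; the function names, the `rsa.public` file name and the placeholder key material are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Fail if the private key is readable, writable or executable by "other".
# Stock qmail runs qmail-remote as user qmailr, so the key only needs to be
# readable by that user (or a group it is in), never by everyone.
check_key_perms() {  # usage: check_key_perms /path/to/private/key
    [ -f "$1" ] || { echo "missing key file: $1" >&2; return 2; }
    other=$(ls -ldL "$1" | cut -c8-10)   # the "other" rwx triplet
    [ "$other" = "---" ] || { echo "$1: mode allows other ($other)" >&2; return 1; }
}

# Print the zone-file TXT record for a PEM public key.
# "k=rsa; p=<base64>" under <selector>._domainkey.<domain> is read by both
# DomainKeys and DKIM verifiers. One TXT string holds at most 255 bytes, so
# longer keys are emitted as several quoted strings (verifiers concatenate them).
dk_txt_record() {  # usage: dk_txt_record selector domain pubkey.pem
    p=$(grep -v '^-----' "$3" | tr -d ' \t\r\n')
    [ -n "$p" ] || { echo "no key material in $3" >&2; return 1; }
    chunks=$(printf 'k=rsa; p=%s\n' "$p" | fold -w 200 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s. IN TXT ( %s)\n' "$1" "$2" "$chunks"
}

# Demo on constructed input (placeholder base64, not a real key).
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PUBLIC KEY-----' > "$tmp/rsa.public"
: > "$tmp/default"
chmod 640 "$tmp/default"
check_key_perms "$tmp/default" && dk_txt_record default example.com "$tmp/rsa.public"
rm -rf "$tmp"
```

On the real server, point `check_key_perms` at /etc/domainkeys/example.com/default and `dk_txt_record` at the public key created in the key-generation steps.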
