Exim and Domainkeys
You may need to use DomainKeys to verify emails and to have your emails verified by DomainKeys-compatible mail servers (e.g., Yahoo). Do the following:
1.) Download the libdomainkeys library from: http://sourceforge.net/projects/domainkeys/
2.) Untar into atmail, then use make:
% tar xvfz libdomainkeys-0.69.tgz -C /usr/local/atmail/mailserver/; cd /usr/local/atmail/mailserver/libdomainkeys-0.69
% make
3.) If you have problems with dns_text, run:
% echo "-lresolv" > dns.lib; make
4.) Then, edit your Exim Makefile. This should be /usr/local/atmail/server_source/exim-4.69/Local/Makefile
5.) Add the following to the file:
EXPERIMENTAL_DOMAINKEYS=yes
CFLAGS += -I/usr/local/atmail/mailserver/libdomainkeys-0.69
LDFLAGS += -ldomainkeys -L/usr/local/atmail/mailserver/libdomainkeys-0.69
6.) Afterwards, find this line in the file:
LOOKUP_LIBS=-L/usr/lib/mysql -lmysqlclient
7.) Change to:
LOOKUP_LIBS=-L/usr/lib/mysql -L/usr/lib/ -lssl -lmysqlclient
8.) Then, go to /usr/local/atmail/server_source/exim-4.69, and rebuild Exim:
% cd /usr/local/atmail/server_source/exim-4.69
% make && make install
9.) Afterwards, open up your /usr/local/atmail/mailserver/configure file. Find:
remote_smtp:
driver = smtp
10.) Change this to:
remote_smtp:
driver = smtp
dk_selector = myselector
dk_private_key = /usr/local/atmail/mailserver/dk/rsa.private
dk_canon = nofws
11.) Afterwards, create your keys:
% cd /usr/local/atmail/mailserver
% mkdir dk; chown atmail dk
% cd dk
% openssl genrsa -out rsa.private 768
% openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
11.) Now, edit your named file for your domain in the server where your nameserver resides. For example: /var/named/yourdomain.
12.) Below the IN MX declaration, add:
_domainkey.yourdomain.com. IN TXT "t=y; o=-"
myselector._domainkey.yourdomain.com. IN TXT "k=rsa; t=y; p=[PUBLIC KEY]"
13.) Make sure you replace [PUBLIC KEY] with the contents of your /usr/local/atmail/mailserver/dk/rsa.public, without the end and beginning tags. For example, if your public key contains:
-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL83KwACMaPsBvxqvdZM0UkSgZUDvjn8
r5xQAq9+Z46VGqH0fXbGLMAuvDX1ZMT2Pl62TUBvFcnGgmXVvbcr2iXBbWOhjGwZ
X5idkca3caB9+ZcT8dHJl4lnGTu8h4QWVQIDAQAB
-----END PUBLIC KEY-----
Your record should look like:
_domainkey.yourdomain.com. IN TXT "t=y; o=-"
myselector._domainkey.yourdomain.com. IN TXT "k=rsa; t=y; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL83KwACMaPsBvxqvdZM0UkSgZUDvjn8r5xQAq9+Z46VGqH0fXbGLMAuvDX1ZMT2Pl62TUBvFcnGgmXVvbcr2iXBbWOhjGwZX5idkca3caB9+ZcT8dHJl4lnGTu8h4QWVQIDAQAB"
14.) Alter the serial, save the file, and restart named.
15.) Edit your named.conf file. In most installations, this is in /etc/named.conf. Add this to the options section:
check-names master ignore;
16.) So it should look like:
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
check-names master ignore;
};
This allows the "_" character in the records.
17.) Save changes. Restart @Mail on the @Mail server:
% /etc/init.d/atmailserver restart
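
An added example (not part of the original instructions or of the @Mail or Exim distributions): a small shell check for steps 12 and 13. It builds the two TXT records from rsa.public and confirms that a published record's p= value is exactly the key body with the BEGIN/END tags and line breaks removed. The function names and the sample key body are made up for illustration.

```shell
#!/bin/sh
# Added example: build and check the selector TXT record from a PEM public key.

# Print the base64 body of a PEM key as one line (no tags, no line breaks).
pem_body() {
    sed -e '/^-----BEGIN /d' -e '/^-----END /d' "$1" | tr -d ' \t\r\n'
}

# Print the two zone-file lines from step 12.
dk_records() {  # usage: dk_records DOMAIN SELECTOR PEMFILE
    printf '_domainkey.%s. IN TXT "t=y; o=-"\n' "$1"
    printf '%s._domainkey.%s. IN TXT "k=rsa; t=y; p=%s"\n' \
        "$2" "$1" "$(pem_body "$3")"
}

# Extract the p= tag from TXT record text. Quotes and whitespace are removed
# first, so a record split into several quoted strings is joined again.
txt_p_tag() {
    printf '%s' "$1" | tr -d '" \t\r\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Return 0 only if the record's p= value equals the key file's base64 body.
dk_record_matches() {  # usage: dk_record_matches TXT PEMFILE
    want=$(pem_body "$2")
    got=$(txt_p_tag "$1")
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# Demo on a constructed key body (not a real key).
demo=$(mktemp)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'AAAABBBBCCCC' 'DDDDEEEEFFFF' \
    '-----END PUBLIC KEY-----' > "$demo"
dk_records yourdomain.com myselector "$demo"
if dk_record_matches '"k=rsa; t=y; p=AAAABBBBCCCCDDDDEEEEFFFF"' "$demo"; then
    echo "published p= matches rsa.public"
fi
rm -f "$demo"
```

To check the live record, pass the output of dig +short TXT myselector._domainkey.yourdomain.com as the first argument to dk_record_matches.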

