Qmail domain keys

Installation

Placeholder values such as example.com (shown in bold on the original wiki page) must be replaced with the details of your own setup.


1) emerge netqmail and set it up

2) emerge openssl

3) emerge libdomainkeys

4) emerge perl

Unfortunately there is no ebuild for qmail-dk, so you will need to download the qmail source code and the qmail-dk patch and build qmail-dk yourself.

5) cd /usr/local/src/

6) wget http://cr.yp.to/software/qmail-1.03.tar.gz

7) wget http://www.qmail.org/qmail-1.03-dk-0.54.patch

8) tar -zxvf qmail-1.03.tar.gz

9) patch -d qmail-1.03/ < qmail-1.03-dk-0.54.patch

10) cp /usr/include/domainkeys.h /usr/local/src

11) cp /usr/lib/libdomainkeys.a /usr/local/src

12) cd qmail-1.03

13) Edit conf-cc so that it contains the following (the -include flag works around the errno declaration in qmail 1.03's error.h, which does not compile against a current glibc)

  cc -O2 -include /usr/include/errno.h

14) Type make

  make

The build may fail part-way, but qmail-dk should already have been created, which is all that is needed.

15) cp qmail-dk /var/qmail/bin/

16) chown qmailq /var/qmail/bin/qmail-dk

17) chmod 4711 /var/qmail/bin/qmail-dk

Setting up your RSA key pair

1) mkdir -p /etc/domainkeys/example.com/

2) cd /etc/domainkeys/example.com/

3) openssl genrsa -out rsa.private 768

4) openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

5) mv rsa.private default

6) chown -R qmailq /etc/domainkeys

7) chmod 0600 default

8) Make your public domainkey with the following command

  grep -v ^- rsa.public | perl -e 'while(<>){chop;$l.=$_;}print "t=y; p=$l;\n";'


Create a TXT record for your DNS using BIND

1) Edit your /var/bind/example.com.hosts zone file and add the following two records, each on its own line.

  _domainkey.example.com. IN TXT "t=y; o=-"
  default._domainkey.example.com. IN TXT "t=y; k=rsa; p=enter your public key from step 8 just above"
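The grep/perl one-liner in step 8 and the two zone records just above are one transformation done by hand: strip the PEM armour, join the base64 body, and wrap it in DomainKeys tags. The following Python is an added example (not code from the wiki page or from qmail-dk) that does the same from a constructed PEM, parses a record back into tags, checks that p= decodes to a DER SubjectPublicKeyInfo carrying the rsaEncryption identifier, and splits a TXT value longer than 255 bytes into the several quoted strings a zone file needs. The PEM body is constructed filler behind a real DER header, and example.com and default are the page's own domain and selector. Two caveats for step 3 of the key section: 768-bit RSA was publicly factored in 2009, and a 2048-bit key's p= is roughly 400 characters, which is longer than a single TXT string and the reason the splitting is here.

```python
"""Build and sanity-check DomainKeys DNS TXT records from a PEM public key.

Added example, not code from the wiki page or from qmail-dk. The PEM below is
constructed: a DER SubjectPublicKeyInfo header for rsaEncryption followed by
filler bytes, so it exercises the PEM-to-TXT transformation without being a
usable key.
"""
import base64
import textwrap

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters.
_RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# SEQUENCE (159 bytes) { AlgorithmIdentifier, BIT STRING (141 bytes: 0 unused bits + 140 filler) }
_FAKE_SPKI = b"\x30\x81\x9f" + _RSA_ALG_ID + b"\x03\x81\x8d\x00" + bytes(range(140))
_FAKE_B64 = base64.b64encode(_FAKE_SPKI).decode()

# Constructed stand-in for rsa.public as written by
#   openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + "\n".join(textwrap.wrap(_FAKE_B64, 64))
              + "\n-----END PUBLIC KEY-----\n")


def pem_to_b64(pem: str) -> str:
    """Drop the -----BEGIN/END----- lines and join the rest: what the page's grep | perl one-liner does."""
    return "".join(line.strip() for line in pem.splitlines()
                   if line.strip() and not line.startswith("-"))


def selector_record(pem: str, testing: bool = True) -> str:
    """TXT value for <selector>._domainkey.<domain>. k=rsa is the tag the page adds by hand."""
    tags = (["t=y"] if testing else []) + ["k=rsa", "p=" + pem_to_b64(pem)]
    return "; ".join(tags)


def policy_record(testing: bool = True, all_signed: bool = True) -> str:
    """TXT value for _domainkey.<domain>. o=- claims every message is signed, o=~ only some."""
    tags = (["t=y"] if testing else []) + ["o=-" if all_signed else "o=~"]
    return "; ".join(tags)


def parse_tags(txt: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict; whitespace and a trailing ';' are tolerated."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            name, _, value = part.partition("=")
            tags[name.strip()] = value.strip()
    return tags


def check_selector_record(txt: str) -> list:
    """Return the problems found in a selector record; an empty list means it looks publishable."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= must be rsa")
    p = tags.get("p")
    if not p:
        # DomainKeys treats an empty p= as a revoked selector: nothing signed with it verifies.
        problems.append("p= missing or empty (revokes the selector)")
        return problems
    try:
        der = base64.b64decode(p, validate=True)
    except ValueError:
        problems.append("p= is not valid base64")
        return problems
    if der[:1] != b"\x30":
        problems.append("p= does not decode to a DER SEQUENCE (expected SubjectPublicKeyInfo)")
    elif _RSA_ALG_ID not in der[:32]:
        problems.append("p= does not carry the rsaEncryption algorithm identifier")
    return problems


def txt_record_strings(value: str, limit: int = 255) -> str:
    """Quote a TXT value for a zone file, split into <=255-byte strings that resolvers
    concatenate. A 768-bit key's p= fits in one string; a 2048-bit key's does not."""
    chunks = [value[i:i + limit] for i in range(0, len(value), limit)]
    return " ".join('"%s"' % c for c in chunks)


def zone_records(domain: str, selector: str, pem: str, testing: bool = True) -> list:
    """The two zone-file lines the page adds, built from the PEM instead of pasted by hand."""
    return [
        "_domainkey.%s. IN TXT %s" % (domain, txt_record_strings(policy_record(testing))),
        "%s._domainkey.%s. IN TXT %s" % (selector, domain,
                                         txt_record_strings(selector_record(pem, testing))),
    ]


if __name__ == "__main__":
    for line in zone_records("example.com", "default", SAMPLE_PEM):
        print(line)
    print("problems:", check_selector_record(selector_record(SAMPLE_PEM)))
```

Running it prints the two zone lines in the form the page shows, with t=y kept until the conclusion section says to remove it. check_selector_record is the check to run on whatever ends up in the zone file before restarting bind: a pasted key that lost a character fails the base64 check, and an empty p= is reported because DomainKeys reads it as a revoked selector rather than a missing one.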

Modify /etc/tcprules.d/tcp.qmail-smtp

  nano /etc/tcprules.d/tcp.qmail-smtp

Where it says

  127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

add the following so it looks like this

  127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",DKSIGN="/etc/domainkeys/example.com/default",QMAILQUEUE="/var/qmail/bin/qmail-dk"

then run

  tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp

Modify /etc/tcprules.d/tcp.qmail-qmtp

  nano /etc/tcprules.d/tcp.qmail-qmtp

Where it says

  127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

add the following so it looks like this

  127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",DKSIGN="/etc/domainkeys/example.com/default",QMAILQUEUE="/var/qmail/bin/qmail-dk"

Then run

  tcprules /etc/tcprules.d/tcp.qmail-qmtp.cdb /etc/tcprules.d/.tcp.qmail-qmtp.tmp < /etc/tcprules.d/tcp.qmail-qmtp
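Both tcprules edits above hang the same two variables on the 127.0.0.1 rule: QMAILQUEUE swaps qmail-queue for qmail-dk, and DKSIGN names the private key whose basename qmail-dk uses as the selector. As an added example (not the page's or qmail-dk's code), the following Python performs that edit on a tcprules source file and then reports, rule by rule, whether mail accepted under it is signed and which DNS record a verifier will look up. The sample rules are constructed in the page's format; deriving the domain from the /etc/domainkeys/<domain>/<selector> layout is an assumption this check makes, not something qmail-dk enforces.

```python
"""Apply and check the tcprules signing hooks the page adds for qmail-dk.

Added example, not code from the wiki page or from qmail-dk. The sample rules
are constructed in the page's format. Reading the domain off the
/etc/domainkeys/<domain>/<selector> layout is this check's assumption; the
selector being the basename of DKSIGN is how qmail-dk names it.
"""
import re

_ENV_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="([^"]*)"')

# Constructed sample of /etc/tcprules.d/tcp.qmail-smtp before the page's edit.
SAMPLE_BEFORE = """# constructed tcp.qmail-smtp
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.0.:allow,RELAYCLIENT=""
:allow
"""


def parse_rule(line: str) -> dict:
    """Split one rule 'address:action,VAR="value",...' into address, action and an env dict."""
    address, _, rest = line.partition(":")
    action, _, env = rest.partition(",")
    return {"address": address, "action": action, "env": dict(_ENV_RE.findall(env))}


def parse_tcprules(text: str) -> list:
    """All rules in a tcprules source file; blank lines and # comments are skipped."""
    return [parse_rule(l.strip()) for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]


def format_rule(rule: dict) -> str:
    """Inverse of parse_rule, preserving the order of the environment variables."""
    env = "".join(',%s="%s"' % kv for kv in rule["env"].items())
    return "%s:%s%s" % (rule["address"], rule["action"], env)


def add_signing(text: str, address: str, key_path: str,
                qmailqueue: str = "/var/qmail/bin/qmail-dk") -> str:
    """Add DKSIGN and QMAILQUEUE to the rule for `address`, leaving every other line as is.
    Running it twice gives the same text, so it is safe from a config-management hook."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and parse_rule(stripped)["address"] == address:
            rule = parse_rule(stripped)
            rule["env"]["DKSIGN"] = key_path
            rule["env"]["QMAILQUEUE"] = qmailqueue
            line = format_rule(rule)
        out.append(line)
    return "\n".join(out) + "\n"


def signing_status(text: str) -> list:
    """Per rule: is mail accepted under it signed, and which selector record must exist in DNS.
    A rule without qmail-dk in QMAILQUEUE accepts mail that leaves unsigned, which matters
    for every RELAYCLIENT rule, not only the 127.0.0.1 one the page edits."""
    report = []
    for rule in parse_tcprules(text):
        env = rule["env"]
        entry = {"address": rule["address"] or "(default)", "signed": False,
                 "dns_name": None, "problem": None}
        if env.get("QMAILQUEUE", "").endswith("/qmail-dk"):
            key = env.get("DKSIGN", "")
            parts = key.strip("/").split("/")
            if not key:
                entry["problem"] = "QMAILQUEUE runs qmail-dk but DKSIGN is unset: no key to sign with"
            elif len(parts) < 4 or parts[:2] != ["etc", "domainkeys"]:
                entry["problem"] = "DKSIGN is outside /etc/domainkeys/<domain>/<selector>; cannot derive the DNS name"
            else:
                entry["signed"] = True
                entry["dns_name"] = "%s._domainkey.%s." % (parts[-1], parts[-2])
        report.append(entry)
    return report


# The page's edit applied to the constructed sample.
SAMPLE_AFTER = add_signing(SAMPLE_BEFORE, "127.0.0.1", "/etc/domainkeys/example.com/default")

if __name__ == "__main__":
    print(SAMPLE_AFTER)
    for entry in signing_status(SAMPLE_AFTER):
        print(entry)
```

The report makes a gap in the page's setup visible: only the 127.0.0.1 rule carries DKSIGN, so mail accepted from any other RELAYCLIENT address (the constructed 192.168.0. line) is queued through plain qmail-queue and leaves unsigned, while the policy record o=- tells verifiers that everything from the domain is signed. Either add the same two variables to every rule that accepts outgoing mail, or publish o=~ until you have.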

Restart bind and qmail

  /etc/init.d/named restart
  /etc/init.d/svscan restart

Testing your new domainkey

You can test your new domainkey at these two websites.

1) http://senderid.espcoalition.org/

2) http://domainkeys.sourceforge.net/policycheck.html

Conclusion

Once you have everything working and the tests pass, you can remove the following from both records in your /var/bind/example.com.hosts file

  t=y;

The t=y; tag means that your domain is in testing mode. After you remove it, remember to restart bind

  /etc/init.d/named restart

Also be aware that your key may not work right away: you have to wait for your DNS changes to propagate around the world.

Retrieved from "http://www.gentoo-wiki.info/Qmail_domain_keys"

Last modified: Sun, 08 Jun 2008 19:45:00 +0000