Addition/Configure dk-filter to sign emails with Domainkeys - Revision history http://iredmail.org/wiki/index.php?title=Addition/Configure_dk-filter_to_sign_emails_with_Domainkeys&action=history Revision history for this page on the wiki en MediaWiki 1.15.5 Fri, 24 May 2013 15:06:07 GMT Derchris at 16:23, 5 April 2010 http://iredmail.org/wiki/index.php?title=Addition/Configure_dk-filter_to_sign_emails_with_Domainkeys&diff=230&oldid=prev <p></p> <table style="background-color: white; color:black;"> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr valign='top'> <td colspan='2' style="background-color: white; color:black;">← Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 16:23, 5 April 2010</td> </tr> <tr><td colspan="2" class="diff-lineno">Line 12:</td> <td colspan="2" class="diff-lineno">Line 12:</td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>;; ANSWER SECTION:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>;; ANSWER SECTION:</div></td></tr> <tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>dk._domainkey.&lt;domain&gt;. 3600 IN&nbsp; &nbsp; &nbsp; TXT&nbsp; &nbsp; &quot;k=rsa\; t=y\; p=<del class="diffchange diffchange-inline">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq4XiKzLKI/biXkAHM3smiSnsJ1FOLjlTrrH1CJfh0SOnBjR1YcNfCWnGyQFLdyUbdGj4AMEJIr8/jZszDgSLTFDYxPh2Yl0BDcfXhldLXq1yAJYB8k4JYOwoDINnXV26asjtfEH0NH0v9ue/lifc69zuGuJ2j3VFqBPD1+03QSwIDAQAB</del>&quot;</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>dk._domainkey.&lt;domain&gt;. 3600 IN&nbsp; &nbsp; &nbsp; TXT&nbsp; &nbsp; &quot;k=rsa\; t=y\; p=<ins class="diffchange diffchange-inline">Long RSA key</ins>&quot;</div></td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/pre&gt;}}</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>&lt;/pre&gt;}}</div></td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <!-- diff generator: internal 2013-05-24 15:06:07 --> </table> Mon, 05 Apr 2010 16:23:19 GMT Derchris http://iredmail.org/wiki/index.php?title=Talk:Addition/Configure_dk-filter_to_sign_emails_with_Domainkeys Derchris:&#32;*/ derchris */ - Added dk-filter setup Page http://iredmail.org/wiki/index.php?title=Addition/Configure_dk-filter_to_sign_emails_with_Domainkeys&diff=229&oldid=prev <p>*/ derchris */ - Added dk-filter setup Page</p> <p><b>New page</b></p><div>=Check DNS settings=<br /> <br /> First check that Domainkeys is setup ok in DNS<br /> <br /> {{cmd|&lt;pre&gt;<br /> #dig _domainkey.&lt;domain&gt; TXT<br /> <br /> ;; ANSWER SECTION:<br /> _domainkey.&lt;domain&gt;. 3600 IN TXT &quot;t=y\; o=-&quot;<br /> <br /> #dig dk._domainkey.&lt;domain&gt; TXT<br /> <br /> ;; ANSWER SECTION:<br /> dk._domainkey.&lt;domain&gt;. 3600 IN TXT &quot;k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq4XiKzLKI/biXkAHM3smiSnsJ1FOLjlTrrH1CJfh0SOnBjR1YcNfCWnGyQFLdyUbdGj4AMEJIr8/jZszDgSLTFDYxPh2Yl0BDcfXhldLXq1yAJYB8k4JYOwoDINnXV26asjtfEH0NH0v9ue/lifc69zuGuJ2j3VFqBPD1+03QSwIDAQAB&quot;<br /> &lt;/pre&gt;}}<br /> <br /> In this example, I created a _domainkey DNS TXT entry with &quot;t=y; o=-&quot;, and a Selector dk._domainkey with &quot;k=rsa t=y p=&lt;RSA Key&gt;&quot;<br /> The RSA key is the same as for DKIM, which is already setup via Amavis<br /> <br /> =Install dk-filter=<br /> <br /> Install dk-filter<br /> <br /> {{cmd|&lt;pre&gt;<br /> #apt-get install dk-filter <br /> &lt;/pre&gt;}}<br /> <br /> <br /> =Check dk-filter user/group=<br /> <br /> Check if dk-filter user/group has been added<br /> <br /> {{cmd|&lt;pre&gt;<br /> #grep dk-filter /etc/passwd<br /> dk-filter:x:125:132::/var/run/dk-filter:/bin/false<br /> <br /> #grep dk-filter /etc/group<br /> dk-filter:x:132: <br /> &lt;/pre&gt;}}<br /> <br /> If not, create the user/group, with /var/run/dk-filter as home dir.<br /> <br /> =Configure dk-filter=<br /> <br /> Open /etc/default/dk-filter:<br /> {{cfg|/etc/default/dk-filter |&lt;pre&gt;<br /> # Sane defaults: log to syslog<br /> DAEMON_OPTS=&quot;-l&quot;<br /> DAEMON_OPTS=&quot;$DAEMON_OPTS -b s -c simple -d &lt;domain&gt; -D -h -m ORIGINATING -s /var/lib/dkim/&lt;domain&gt;.pem -S &lt;selector&gt;&quot;<br /> SOCKET=&quot;inet:4445@127.0.0.1&quot;<br /> &lt;/pre&gt;}}<br /> <br /> dk-filter will sign mails on 127.0.0.1:4445 for Domain &lt;domain&gt;, with keys from /var/lib/dkim/&lt;domain&gt;.pem using Selector &lt;selector&gt;<br /> You need to change this to your environment (domain, selector)<br /> <br /> =Configure postfix=<br /> <br /> Open /etc/postfix/master.conf, and go down to the Amavis smtpd<br /> {{cfg|/etc/postfix/master.conf |&lt;pre&gt;<br /> 127.0.0.1:10025 inet n - - - - smtpd<br /> -o content_filter=<br /> -o milter_default_action=accept<br /> -o milter_macro_daemon_name=ORIGINATING<br /> -o smtpd_milters=inet:127.0.0.1:4445 # Add this to the Postfix config<br /> -o local_recipient_maps=<br /> -o relay_recipient_maps=<br /> -o smtpd_restriction_classes=<br /> -o smtpd_delay_reject=no<br /> -o smtpd_client_restrictions=permit_mynetworks,reject<br /> -o smtpd_helo_restrictions=<br /> -o smtpd_sender_restrictions=<br /> -o smtpd_recipient_restrictions=permit_mynetworks,reject<br /> -o mynetworks_style=host<br /> -o mynetworks=127.0.0.0/8<br /> -o strict_rfc821_envelopes=yes<br /> -o smtpd_error_sleep_time=0<br /> -o smtpd_soft_error_limit=1001<br /> -o smtpd_hard_error_limit=1000<br /> -o smtpd_client_connection_count_limit=0<br /> -o smtpd_client_connection_rate_limit=0<br /> -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings<br /> &lt;/pre&gt;}}<br /> <br /> =Start dk-filter=<br /> <br /> Start dk-filter, and then restart Postfix<br /> {{cmd|&lt;pre&gt;<br /> #/etc/init.d/dk-filter start<br /> &lt;/pre&gt;}}<br /> <br /> Check if dk-filter is running<br /> <br /> Then restart Postfix<br /> {{cmd|&lt;pre&gt;<br /> #/etc/init.d/postfix restart<br /> &lt;/pre&gt;}}<br /> <br /> =Test Domainkeys=<br /> <br /> Domainkeys should now be working.<br /> In order to test it, send a blank email to:<br /> <br /> check-auth@verifier.port25.com<br /> <br /> Wait for the reply. It should show like this<br /> <br /> &lt;pre&gt;<br /> ==========================================================<br /> Summary of Results<br /> ==========================================================<br /> SPF check: pass<br /> DomainKeys check: pass<br /> DKIM check: pass<br /> Sender-ID check: pass<br /> SpamAssassin check: ham<br /> &lt;/pre&gt;</div> Mon, 05 Apr 2010 16:22:25 GMT Derchris http://iredmail.org/wiki/index.php?title=Talk:Addition/Configure_dk-filter_to_sign_emails_with_Domainkeys