neil.hearn (Verified User, joined Jan 21, 2010, 6 messages)
Just so everyone has a point of reference:
Here is how I have Exim set up to sign all outgoing mail and check incoming.
In exim.conf, add
Code:
acl_smtp_dkim = acl_check_dkim
just below
Code:
# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.
Then add this in the ACL section, generally below check_helo:
Code:
acl_check_dkim:
  # Record the DKIM verification result for each signer in an X-DKIM-Status header.
  # Every rule is a warn followed by a final accept, so nothing is rejected here.
  warn add_header = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
       sender_domains = $sender_address_domain:$dkim_signers
       dkim_signers = $sender_address_domain:$dkim_signers
       dkim_status = invalid
       condition = ${if eq {${lc:$dkim_verify_status}}{invalid}{true}{false}}
  warn add_header = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
       sender_domains = $sender_address_domain:$dkim_signers
       dkim_signers = $sender_address_domain:$dkim_signers
       dkim_status = fail
       condition = ${if eq {${lc:$dkim_verify_status}}{fail}{true}{false}}
  warn add_header = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
       sender_domains = $sender_address_domain:$dkim_signers
       dkim_signers = $sender_address_domain:$dkim_signers
       dkim_status = none
       condition = ${if eq {${lc:$dkim_verify_status}}{none}{true}{false}}
  warn add_header = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
       sender_domains = $sender_address_domain:$dkim_signers
       dkim_signers = $sender_address_domain:$dkim_signers
       dkim_status = pass
       condition = ${if eq {${lc:$dkim_verify_status}}{pass}{true}{false}}
  accept
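Then in the transport section, under driver = smtp, add:
Code:
# Sign with the sender's domain; selector "x" must match the x._domainkey DNS record.
dkim_domain = ${sender_address_domain}
dkim_selector = x
# The key path is built only for domains listed in /etc/virtual/domains.
dkim_private_key = /etc/virtual/${lookup{$sender_address_domain}lsearch{/etc/virtual/domains}{$sender_address_domain}{ERROR}}/dkim.private.key
dkim_canon = relaxed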
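Then create the following script:
Code:
#!/bin/bash
# add_dkim: create a DKIM key pair for one domain and publish the public key in its zone.
[ -n "$1" ] || { echo "usage: add_dkim domain" >&2; exit 1; }
# RFC 8301: verifiers treat RSA keys under 1024 bits as invalid, so use at least 1024.
openssl genrsa -out "/etc/virtual/$1/dkim.private.key" 1024
openssl rsa -in "/etc/virtual/$1/dkim.private.key" -out "/etc/virtual/$1/dkim.public.key" -pubout -outform PEM
chown mail:mail "/etc/virtual/$1/"*.key
echo
# Strip the PEM armour and newlines, then append the x._domainkey TXT record to the zone file.
echo "x._domainkey.$1. 14400 IN TXT \"v=DKIM1; k=rsa; p=$(grep -v -- '-----' "/etc/virtual/$1/dkim.public.key" | tr -d '\n')\"" >> "/var/named/$1.db"
echo "Domain $1, has been configured for DKIM signing."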
The usage would be:
Code:
add_dkim [domain]
e.g. add_dkim example.com
Then for each domain you have, run the script. Or add it to the post_process part of DA for domain creation.
Of course, if you have lots of domains you could run:
Code:
ls -d */ | cut -d"/" -f1 | xargs -n1 add_dkim
in the /etc/virtual directory. That is assuming you have chmodded add_dkim to 0755 and placed it in the executable path.
This is how I set this up - and hope it works well for others.
I'm sorry if this all looks very untidy and hacky. I am not really a Linux sysadmin or anything (as you can probably tell). I am learning slowly.
Any improvements are more than welcome!
Thanks all
Neil.
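Added example, not part of the original post: the add_dkim script writes the public key into the zone file as one quoted TXT string, which only works while the whole value fits in 255 bytes, the limit for a single DNS character-string. This sketch goes beyond the post to cover 2048-bit keys by splitting the value into several quoted strings. The function names pem_to_b64 and dkim_txt_record are hypothetical, and the sample key is constructed filler, not a real key.

```shell
#!/bin/sh
# Added example: build the x._domainkey TXT line for a BIND zone file,
# splitting the value into quoted strings of at most 255 characters.

# pem_to_b64 FILE: drop the PEM armour lines and newlines, leaving bare base64.
pem_to_b64() {
    grep -v -- '-----' "$1" | tr -d '\r\n'
}

# dkim_txt_record DOMAIN SELECTOR B64KEY [TTL]: print one zone-file line.
dkim_txt_record() {
    domain=$1; selector=$2; key=$3; ttl=${4:-14400}
    # These values end up in a zone file, so accept hostname characters only.
    for v in "$domain" "$selector"; do
        case "$v" in
            ''|*[!A-Za-z0-9.-]*) echo "invalid domain or selector: $v" >&2; return 1 ;;
        esac
    done
    case "$key" in
        ''|*[!A-Za-z0-9+/=]*) echo "public key is not bare base64" >&2; return 1 ;;
    esac
    printf '%s._domainkey.%s. %s IN TXT (' "$selector" "$domain" "$ttl"
    # fold cuts the value every 255 characters; each piece becomes its own string.
    printf 'v=DKIM1; k=rsa; p=%s\n' "$key" | fold -w 255 | while IFS= read -r chunk; do
        printf ' "%s"' "$chunk"
    done
    printf ' )\n'
}

# Constructed sample: 392 base64 characters, the length of a 2048-bit RSA public key.
sample_key=$(awk 'BEGIN { for (i = 0; i < 392; i++) printf "A" }')
dkim_txt_record example.com x "$sample_key"
```

Resolvers join the quoted strings back together, so verifiers see the same v=DKIM1 value as with a single string.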