Yahoo-DomainKeys-HowTo-Debian

As you might have learnt from our Yahoo DomainKeys page, this is a step-by-step guide to implementing Yahoo! DomainKeys on your Debian Linux server. If you have any other server and want us to accomplish the tasks for you, feel free to contact us.

You are free to publish this document elsewhere, provided you link to our website www.enterux.com and mention us as the original author of this document.

So here we start. I assume that you have root privileges on your Debian box.

You need to determine which MTA (Mail Transfer Agent) you are using. By default Debian comes with Exim, but since this howto uses Postfix, we install Postfix first.


apt-get install postfix


WARNING: The above command will remove your current MTA, which would be Exim, so make sure you back up your data first.

Next we need to install the following Perl modules from the CPAN archive.

  • Crypt::OpenSSL::RSA
  • Mail::Address
  • MIME::Base64
  • Net::DNS
  • Test::More
  • Text::Wrap
  • Mail::DomainKeys

The following commands will install them.
Note: The first time you install a module, Perl will ask you to choose the nearest mirror of the CPAN archive. If you are unsure, just press Enter to accept the defaults.


perl -MCPAN -e 'CPAN::Shell->install("Crypt::OpenSSL::RSA")'
perl -MCPAN -e 'CPAN::Shell->install("Mail::Address")'
perl -MCPAN -e 'CPAN::Shell->install("MIME::Base64")'
perl -MCPAN -e 'CPAN::Shell->install("Net::DNS")'
perl -MCPAN -e 'CPAN::Shell->install("Test::More")'
perl -MCPAN -e 'CPAN::Shell->install("Text::Wrap")'
perl -MCPAN -e 'CPAN::Shell->install("Mail::DomainKeys")'

Next you need to download the relevant open source DomainKeys packages released by Yahoo. Since we are using Postfix, we also need to download the dkfilter package written by Jason Long.

mkdir /var/domainkeys/
cd /var/domainkeys/
wget http://cogent.dl.sourceforge.net/sourceforge/domainkeys/commands-0.2.tar...
wget http://jason.long.name/dkfilter/dkfilter.tgz
wget http://www.enterux.com/files/dkfilter

tar zxf commands-0.2.tar.gz
tar zxf dkfilter.tgz

Next we need to compile the dkfilter package.


cd /var/domainkeys/dkfilter-0.8
./configure --prefix=/usr/local/dkfilter
make install
useradd dkfilter
groupadd dkfilter
cp ../dkfilter /etc/init.d/dkfilter
chmod 755 /etc/init.d/dkfilter

We need to make the relevant changes in the Postfix configuration files so that incoming mail is checked for the signature.


cd /etc/postfix/
pico master.cf

#
# Before-filter SMTP server. Receive mail from the network and
# pass it to the content filter on localhost port 10025.
#
smtp inet n - n - - smtpd
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
#
# After-filter SMTP server. Receive mail from the content filter on
# localhost port 10026.
#
127.0.0.1:10026 inet n - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o receive_override_options=no_unknown_recipient_checks

Now we configure outgoing mail, which needs to be signed with your private key, i.e. we set up the outbound filter.


cd /var/domainkeys/bin
./dk_generate_policy -a -d enterux.com -n http://www.enterux.com/en/resources/yahoo-domainkeys-howto-debian -q -r support@enterux.com -t
./dk_generate_selector -d enterux.com -n http://www.enterux.com/en/resources/yahoo-domainkeys-howto-debian -k 768 -q -s postfix -S
cp postfix.enterux.com.public.pem /usr/local/dkfilter/public.key
cp postfix.enterux.com.private.pem /usr/local/dkfilter/private.pem

Replace enterux.com in the -d argument with your own domain name, e.g. -d yourdomainname.com

By default Debian runs the BIND DNS server, so the next step is to edit the yourdomainname.com zone file.


cd /etc/bind/
cat /var/domainkeys/bin/enterux.com.BIND.txt >> /etc/bind/enterux.com.zone
cat /var/domainkeys/bin/postfix._domainkey.enterux.com.BIND.txt >> /etc/bind/enterux.com.zone
vi /etc/bind/enterux.com.zone

Change the serial number in the SOA record so that secondary DNS servers know about the change.
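A check one could run on the record just appended to the zone, added here as an example (it is not part of the original howto or of dkfilter): it joins the quoted chunks of the BIND TXT record, compares p= with the public key file, reports the RSA modulus size and flags a leftover t=y. The sample key and zone line are constructed, the 1024-bit threshold is this example's assumption, and -k 768 above is assumed to be the key length in bits.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (value, next_pos) of the DER element starting at buf[pos]."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size of an RSA SubjectPublicKeyInfo (the DER in the PEM file and p=)."""
    body, _ = read_tlv(spki, 0)                        # outer SEQUENCE
    bitstr, _ = read_tlv(body, read_tlv(body, 0)[1])   # BIT STRING after AlgorithmIdentifier
    rsakey, _ = read_tlv(bitstr, 1)                    # offset 1 skips the unused-bits byte
    modulus, _ = read_tlv(rsakey, 0)                   # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def txt_tags(zone_line):
    """Join the quoted chunks of a BIND TXT record, then split into tag=value."""
    text = "".join(re.findall(r'"([^"]*)"', zone_line))
    return {k: "".join(v.split()) for k, v in re.findall(r"(\w+)\s*=([^;]*)", text)}

def check_selector(zone_line, public_pem, min_bits=1024):
    """List problems with a selector record; min_bits is this example's threshold."""
    tags = txt_tags(zone_line)
    der = base64.b64decode("".join(l for l in public_pem.splitlines() if l[:1] != "-"))
    problems = []
    if base64.b64decode(tags.get("p", "")) != der:
        problems.append("p= does not match the public key file")
    if rsa_bits(der) < min_bits:
        problems.append("RSA modulus is only %d bits" % rsa_bits(der))
    if tags.get("t") == "y":
        problems.append("t=y: selector still flagged as testing")
    return problems

def sample_inputs():
    """Constructed sample (not a usable key): an odd 768-bit number as modulus."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    n = ((1 << 767) | 1).to_bytes(97, "big")                # leading 0x00 keeps n positive
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    key = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    b64 = base64.b64encode(tlv(0x30, alg + tlv(0x03, b"\x00" + key))).decode()
    zone = 'postfix._domainkey IN TXT ( "k=rsa; t=y; p=%s" "%s" )' % (b64[:60], b64[60:])
    return zone, "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % b64

if __name__ == "__main__":
    print(check_selector(*sample_inputs()))
```

For a real check, pass the selector line from the zone file and the contents of the public key PEM file to check_selector.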

Now we need to tell Postfix to sign all outbound mails.


pico /etc/postfix/master.cf

#
# modify the default submission service to specify a content filter
# and restrict it to local clients and SASL authenticated clients only
#
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:127.0.0.1:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#
# specify the location of the DomainKeys signing filter
#
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes

#
# service for accepting messages FROM the DomainKeys signing filter
#
127.0.0.1:10028 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

# For Postfix to sign mails sent out using Webmails
pickup fifo n - n 60 1 pickup
  -o content_filter=dksign:127.0.0.1:10027


Save the file and restart Postfix as well as the DNS server.


/etc/init.d/bind9 restart
/etc/init.d/postfix restart
/etc/init.d/dkfilter start

You are now up and running, with DKFilter signing all outgoing mail and checking all incoming mail for DomainKey signatures.

For more details on the DKFilter setup, please refer to Jason Long's DKFilter page.

If you find any problem with the above, feel free to email me.

If you want to publish this howto elsewhere, you need to provide a link back to http://www.enterux.com and http://www.enterux.com/en/resources/yahoo-domainkeys-howto-debian, acknowledging Mitul Limbani as the original author of the document.