Monthly Archives: April 2012

Installing DKIM and DomainKeys for postfix on Ubuntu 10.04

Servername: web1.domain.com
From address: noreply@example.com

Aim: validate DKIM and DomainKeys for this email address sending from this server.

Requirements: access to enter TXT DNS records for domain.com and example.com, and root access to web1.domain.com server.

  1. apt-get install dkim-filter; apt-get install dk-filter
  2. vi /etc/dkim-filter.conf
    Uncomment UMask
    Uncomment Domain, and set to “*” (without quotation marks)
    Underneath Domain, add the following line: KeyList    /etc/mail/dkim_domains.key
    Uncomment Selector and set to “mail”
    You can also uncomment AutoRestart if you want and set to “yes”, and Statistics
    Do not uncomment Version – it’s not a valid setting
    Save and close
  3. vi /etc/postfix/main.cf
    Append the following:
    # DKIM & DomainKeys
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = inet:localhost:8891,inet:localhost:8892
    non_smtpd_milters = inet:localhost:8891,inet:localhost:8892
  4. cd /etc/mail
  5. dkim-genkey -t -s mail -d web1.domain.com (dkim key)
  6. openssl genrsa -out domainkey.key 1024 (domainkeys private key)
  7. openssl rsa -in domainkey.key -out domainkey.pub -pubout -outform pem (domainkeys public key)
  8. mv mail.private mail
  9. vi /etc/default/dk-filter
    Uncomment DAEMON_OPTS and SOCKET and set them like so:
    DAEMON_OPTS="$DAEMON_OPTS -d example.com t -s /etc/mail/domainkey.key -S web1" (the selector here is web1; this is because the DNS record has to go on example.com for DomainKeys, so for every server you want to send example.com mail for you'll need a separate record)
    SOCKET="inet:8892@localhost"
  10. Open up mail.txt; you need to create the DNS record for DKIM for web1.domain.com from this.  I use a managed DNS service for domain.com, so I put “mail._domainkey.web1” in the subdomain/selector, and paste the bit in quotes as the record content.  Notice the mail.txt file does not have the domain appended, but I’ve added my subdomain web1 in my record.
  11. Make two more DNS records, this time on example.com:
    _domainkey IN TXT "t=y; o=~;"
    web1._domainkey IN TXT "k=rsa; t=y; p=<INSERT KEY FROM DOMAINKEYS.PUB HERE>"
  12. vi /etc/mail/dkim_domains.key  (new file)
    Paste in the following:
    *:web1.domain.com:/etc/mail/mail
  13. Start/restart services: service dkim-filter restart; service dk-filter restart; service postfix restart (dkim went a bit funny for me here; may be better for dkim-filter and dk-filter to stop, then start them)
  14. To check the DNS is set up properly, go to http://domainkeys.sourceforge.net/selectorcheck.html and put in web1._domainkey.example.com, then go to http://dkimcore.org/tools/dkimrecordcheck.html and put in mail for the selector, and web1.domain.com for the domain name.
  15. To check it works, send an email to a Yahoo address and open View Full Header (under the cog button); you should find a line:
    Authentication-Results: mta1066.mail.ird.yahoo.com  from=example.com; domainkeys=pass (ok);  from=web1.domain.com; dkim=pass (ok)

 

You’ll notice that DKIM and DomainKeys use different parts of the header for validation.  DKIM is looking at the server name given by postfix, and DomainKeys is looking at the domain of the From address.

With the solution above, for every additional server sending emails from example.com, you’ll need to set up a DKIM record for the server hostname, and a DomainKeys record for example.com (with a separate selector).
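
Step 11 leaves the p= value to be pasted in by hand from domainkey.pub. The shell function below is an added example, not part of the original post: it builds that TXT record from the PEM file and refuses the private key file, which sits next to the public key in /etc/mail. The names txt_record and make_sample and the sample key body are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn the PEM public key from step 7 into the step 11 TXT record.

# Constructed sample in the same layout as domainkey.pub (not a real key).
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
-----BEGIN PUBLIC KEY-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo
YWJjZGVmZ2hpamtsbW5vcA==
-----END PUBLIC KEY-----
EOF
    printf '%s\n' "$f"
}

# txt_record SELECTOR PEMFILE: print the zone-file line for the selector.
txt_record() {
    selector=$1
    pemfile=$2
    # Only a public key may be published; domainkey.key (the private key)
    # carries a different PEM header and is refused here.
    if ! grep -q '^-----BEGIN PUBLIC KEY-----' "$pemfile"; then
        echo "error: $pemfile is not a PEM public key" >&2
        return 1
    fi
    # Drop the armor lines and join the base64 body into one line.
    p=$(grep -v '^-----' "$pemfile" | tr -d ' \t\r\n')
    case $p in
        ''|*[!A-Za-z0-9+/=]*)
            echo "error: key body in $pemfile is not base64" >&2
            return 1 ;;
    esac
    value="k=rsa; t=y; p=$p"
    # One DNS character-string holds at most 255 bytes; report instead of
    # emitting a record that would be truncated or rejected.
    if [ "${#value}" -gt 255 ]; then
        echo "error: record value is ${#value} bytes, over 255" >&2
        return 2
    fi
    printf '%s._domainkey IN TXT "%s"\n' "$selector" "$value"
}

sample=$(make_sample)
txt_record web1 "$sample"
rm -f "$sample"
```

On the server itself the call would be txt_record web1 /etc/mail/domainkey.pub, with the output line going into the example.com zone.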

Installing CentOS 6.2 on XenServer 6.0

Choose to install from URL, and enter the following URL (or your nearest mirror equivalent): http://mirror01.th.ifl.net/centos/6.2/os/x86_64/

The installer is looking for the following path: isolinux/isolinux.cfg

Choose to start VNC (as per: http://forums.citrix.com/thread.jspa?threadID=302677)

Start up your VNC client (e.g. TightVNC), connect to <IP>:1, and enter your password

Once you’ve finished the installation you can install XenServer Tools:

  1. Put the XS Tools cd into the VM cd drive
  2. mkdir /mnt/xs-tools
  3. mount /dev/xvdd /mnt/xs-tools
  4. bash /mnt/xs-tools/Linux/install.sh

This should auto-detect your OS, install required packages, and ask you to reboot the machine.