
Implement domainkeys into QMail

DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the integrity of the message. The DomainKeys specification later adopted aspects of Identified Internet Mail to create an enhanced protocol called DomainKeys Identified Mail (DKIM); that merged specification became the basis for an IETF Working Group which guided it toward becoming an IETF standard. This blog will guide you step by step through implementing DomainKeys signing and verification with qmail.

1. Install qmail as per our guide (skip this if you already have a compatible qmail installation).
Any qmail install based on LWQ (Life with qmail) should be compatible, including netqmail, qmail-isp, and even qmail-aio.

2. Install OpenSSL as per the INSTALL file of the latest stable tarball (skip if you already have a compatible OpenSSL).

3. Set it all up

  cd /usr/local/src/
  wget http://cr.yp.to/software/qmail-1.03.tar.gz
  wget http://superb-east.dl.sourceforge.net/sourceforge/domainkeys/libdomainkeys-0.68.tar.gz
  wget http://www.qmail.org/qmail-1.03-dk-0.54.patch
  wget http://jeremy.kister.net/code/qmail-dk-0.54-auth.patch # optional, for smtp-auth
  tar -zxvf libdomainkeys-0.68.tar.gz
  cd libdomainkeys-0.68
  make
  tar -zxvf /usr/local/src/qmail-1.03.tar.gz
  echo 'gcc -O2 -include /usr/include/errno.h' > qmail-1.03/conf-cc
  patch -d qmail-1.03/ < ../qmail-1.03-dk-0.54.patch
  patch -d qmail-1.03/ < ../qmail-dk-0.54-auth.patch   # optional, for smtp-auth
  cd qmail-1.03
  make qmail-dk
  cp qmail-dk /var/qmail/bin/
  cp qmail-dk.8 /var/qmail/man/man8/
  chown qmailq /var/qmail/bin/qmail-dk
  chmod 4711 /var/qmail/bin/qmail-dk

4. Next, create an RSA key pair, following http://domainkeys.sourceforge.net/keygen.html:

  mkdir -p /etc/domainkeys/example.com/
  cd /etc/domainkeys/example.com/
  /usr/local/ssl/bin/openssl genrsa -out rsa.private 768
  /usr/local/ssl/bin/openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
  mv rsa.private default
  chown -R qmailq /etc/domainkeys
  chmod 0600 default

A note on the key size: 768 bits is what the keygen page uses, but it is far too small by current standards (RSA-768 was publicly factored in 2009). Use at least 1024 bits; a 2048-bit key is better still, but its public-key record is longer than the 255-byte limit of a single TXT string and must be entered as several quoted strings (see step 6). The private key ends up readable only by qmailq, which is the user qmail-dk runs as (it is installed setuid qmailq in step 3); rsa.public can stay world-readable, since it is what you publish in DNS.

5. Make your public DomainKey:

  grep -v ^- rsa.public | perl -e 'while(<>){chop;$l.=$_;}print "k=rsa; t=y; p=$l;\n";'

6. Create a TXT record in your DNS as per http://domainkeys.sourceforge.net/dist.html:

For tinydns (djbdns):
'_domainkey.example.com.:k=rsa; t=y; o=-;
'default._domainkey.example.com.:DomainKey_from_step_5

or for BIND:
_domainkey.example.com. IN TXT "k=rsa; t=y; o=-;"
default._domainkey.example.com. IN TXT "DomainKey_from_step_5"
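The same conversion as steps 5 and 6, as an added example that is not part of the original guide: it turns the rsa.public PEM file from step 4 into the selector TXT record for both tinydns and BIND, and for BIND it also splits records longer than one 255-byte string, which the perl one-liner above does not do. The selector and domain names and the key body in the demo at the bottom are placeholders constructed for this example; feed your real rsa.public to dk_pubkey_b64 in practice.

```shell
#!/bin/sh
# Added example, not part of the original guide: turn an OpenSSL PEM public
# key into the DomainKeys selector TXT record for tinydns and BIND.

# Strip the PEM armour lines and join the base64 body into one line.
dk_pubkey_b64() {
    grep -v '^-' | tr -d '\n'
}

# Build the record's tag list. $1 = base64 key, $2 = t flag (y = test mode,
# flip to n, or drop the flag, once you are satisfied).
dk_record() {
    printf 'k=rsa; t=%s; p=%s;' "${2:-y}" "$1"
}

# tinydns: tinydns-data splits long TXT data into DNS strings itself, so the
# whole record goes on one line. $1 = selector, $2 = domain, $3 = record.
dk_tinydns_line() {
    printf "'%s._domainkey.%s.:%s\n" "$1" "$2" "$3"
}

# BIND: one quoted <character-string> holds at most 255 bytes, so longer
# records are written as several quoted strings, which verifiers concatenate.
# A 768- or 1024-bit key fits in one string; a 2048-bit key (about 392 base64
# characters) needs the split. $1 = selector, $2 = domain, $3 = record.
dk_bind_line() {
    printf '%s._domainkey.%s. IN TXT' "$1" "$2"
    # The trailing newline matters: fold/read would otherwise drop the last chunk.
    printf '%s\n' "$3" | fold -w 255 | while IFS= read -r chunk; do
        printf ' "%s"' "$chunk"
    done
    printf '\n'
}

# Demo with a constructed (not real) key body. On a real box use:
#   key=$(dk_pubkey_b64 < /etc/domainkeys/example.com/rsa.public)
sample_pem='-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDexampleexampleexample
-----END PUBLIC KEY-----'
key=$(printf '%s\n' "$sample_pem" | dk_pubkey_b64)
rec=$(dk_record "$key" y)
dk_tinydns_line default example.com "$rec"
dk_bind_line default example.com "$rec"
```

After publishing, check the record from outside your own resolver (a plain `dig TXT default._domainkey.example.com`) and confirm the base64 you get back, with the quoted pieces joined, is byte-for-byte the body of rsa.public; a stray space or a missing chunk silently breaks every signature you send.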

7. Next, modify your /etc/tcp.smtp (or, if you followed the install guide below, the rules file in /var/service/qmail-smtpd):

  • If you control who relays through your machine via RELAYCLIENT:

10.0.0.2:allow,RELAYCLIENT="",DKSIGN="/etc/domainkeys/example.com/default",QMAILQUEUE="bin/qmail-dk"
:allow,DKVERIFY="DEGIJKfh",QMAILQUEUE="bin/qmail-dk"

The first rule signs mail submitted by the trusted client 10.0.0.2 with the key from step 4; the catch-all rule verifies signatures on everything else. The relative path bin/qmail-dk works because qmail-smtpd chdirs to /var/qmail before running the QMAILQUEUE program.

  • Or, if you use SMTP AUTH to control who relays through your machine,
    and you've patched with the qmail-dk-0.54-auth.patch from step 3,
    you don't have to worry about setting DKSIGN:

:allow,DKVERIFY="DEGIJKfh",QMAILQUEUE="bin/qmail-dk"

8. Rebuild your cdb file (LWQ's qmailctl does this; if you used the install guide below instead, re-run its tcprules command on the rules file):

  qmailctl cdb

9. Be sure to watch your /var/log/qmail/smtpd/current for problems involving
not having enough memory. You may need to increase the softlimit memory
size in /service/qmail-smtpd/run.

10. If you want qmail-dk to sign messages that you send from the command line,
you have to set up some environment variables.

You can choose to modify your .profile:
QMAILQUEUE=/var/qmail/bin/qmail-dk
DKSIGN=/etc/domainkeys/example.com/default
export QMAILQUEUE DKSIGN

Or, as Kyle Wheeler suggested, you can put a wrapper around sendmail:
#!/bin/sh
export QMAILQUEUE=/var/qmail/bin/qmail-dk
export DKSIGN=/etc/domainkeys/example.com/default
exec /var/qmail/bin/sendmail "$@"
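A longer version of the wrapper idea from step 10, as an added example rather than the original post's or Kyle Wheeler's code: it chooses the signing key from the envelope sender's domain, so one wrapper can serve several domains laid out as /etc/domainkeys/<domain>/default (the layout from step 4), and it queues the message unsigned rather than failing when no key exists for that domain. It assumes the wrapper is installed under the name dk-sendmail (a name chosen here) and that unqualified senders get the host from control/me, which is what qmail-inject does when defaulthost is unset. Because any local user can pass an arbitrary -f, the domain is validated before it is used to build a path.

```shell
#!/bin/sh
# Added example, not from the original post: a sendmail wrapper that picks the
# DomainKeys private key by sender domain. Install as dk-sendmail (assumed name).

DK_KEYDIR=${DK_KEYDIR:-/etc/domainkeys}
QMAIL_SENDMAIL=${QMAIL_SENDMAIL:-/var/qmail/bin/sendmail}
QMAIL_CONTROL=${QMAIL_CONTROL:-/var/qmail/control}

# Print the envelope sender given as "-f addr" or "-faddr"; fail if absent.
dk_sender_from_args() {
    while [ $# -gt 0 ]; do
        case $1 in
            -f)  [ $# -gt 1 ] && { printf '%s\n' "$2"; return 0; } ;;
            -f*) printf '%s\n' "${1#-f}"; return 0 ;;
            --)  break ;;
        esac
        shift
    done
    return 1
}

# Print the lower-cased domain part of an address; fail if there is no "@".
dk_domain_of() {
    case $1 in
        *@*) printf '%s\n' "${1##*@}" | tr 'A-Z' 'a-z' ;;
        *)   return 1 ;;
    esac
}

# Print the key path for a domain if a key file exists there; fail otherwise.
# The domain comes from a user-controlled argument, so reject anything that is
# not a plain hostname (no "/", no leading "." or "-", no "..").
dk_key_for() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    key="$DK_KEYDIR/$1/default"
    [ -f "$key" ] && printf '%s\n' "$key"
}

dk_wrapper_main() {
    sender=$(dk_sender_from_args "$@") ||
        sender="${USER:-$(id -un)}@$(cat "$QMAIL_CONTROL/me")"
    domain=$(dk_domain_of "$sender") || domain=
    if key=$(dk_key_for "$domain"); then
        QMAILQUEUE=/var/qmail/bin/qmail-dk DKSIGN=$key
        export QMAILQUEUE DKSIGN
    fi
    # No key for this domain: hand the message to qmail unsigned rather than
    # failing the submission.
    exec "$QMAIL_SENDMAIL" "$@"
}

# Only act as the wrapper when installed under that name, so the functions
# above can also be sourced and used on their own.
case ${0##*/} in dk-sendmail) dk_wrapper_main "$@" ;; esac
```

If your qmail-dk build supports a % placeholder in DKSIGN (check man qmail-dk), that covers the common per-domain case on its own; what this wrapper adds is the validation of the user-supplied domain and the fall-back to unsigned queueing.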

11. And finally, test your installation:
send mail to dktest@temporary.com. You should get a reply within a few minutes.

When you’re satisfied with your installation:
change the "t=y" in your DNS TXT RRs to "t=n" (or simply drop the flag): this takes your DomainKey out of "test mode", so verifiers start acting on failed signatures instead of ignoring them.
To be a bit more aggressive, add a "B" to your DKVERIFY string; see man qmail-dk for what each letter does.

Installing qmail on a Linux server

This blog will explain step by step how to set up and configure qmail (1.03) on a Linux-based server. Different people set up qmail in different ways, but I have found this to be the best and easiest way. Do not skip any step unless it is marked optional.

Add users and groups.

PATH=/bin:/sbin:/usr/bin:/usr/sbin
groupadd nofiles -g 81
groupadd qmail -g 82
useradd alias -u 81 -g nofiles -s /nonexistent -d /var/qmail/alias -M
useradd qmaild -u 82 -g nofiles -s /nonexistent -d /var/qmail -M
useradd qmaill -u 83 -g nofiles -s /nonexistent -d /var/qmail -M
useradd qmailp -u 84 -g nofiles -s /nonexistent -d /var/qmail -M
useradd qmailq -u 85 -g qmail -s /nonexistent -d /var/qmail -M
useradd qmailr -u 86 -g qmail -s /nonexistent -d /var/qmail -M
useradd qmails -u 87 -g qmail -s /nonexistent -d /var/qmail -M

Download qmail source code.

cd /usr/local/src
wget http://cr.yp.to/software/qmail-1.03.tar.gz

Download patches.

wget http://tomclegg.net/software/patch-qmail-103.patch
wget http://tomclegg.net/software/patch-qmail-sendmail-flagf.patch
wget http://tomclegg.net/software/patch-qmail-badmailfrom-wildcard
wget http://tomclegg.net/software/patch-qmail-capa-pop3d
wget http://tomclegg.net/software/patch-qmail-capa-popup
wget http://tomclegg.net/software/patch-qmail-remote-auth
wget http://tomclegg.net/software/patch-qmail-smtpd-auth
wget http://tomclegg.net/software/patch-qmail-smtpd-auth-log

Extract qmail and apply patches.

tar xzf qmail-1.03.tar.gz
cd qmail-1.03
for d in ../patch-qmail-*; do patch <"$d"; done

Compile and install qmail.

make setup check

Some linux systems don’t like the way qmail uses “errno”:

./load auto-str substdio.a error.a str.a
substdio.a(substdo.o)(.text+0x43): In function `allwrite’:
: undefined reference to `errno’
collect2: ld returned 1 exit status
make: *** [auto-str] Error 1

To fix this, edit the error.h file in the qmail source code. Add this after line 2, before the line reading "extern int errno;":

#include <errno.h>

After you add that, do “make setup check” again.

You will need to do this again in a few minutes, when you compile checkpassword and daemontools.

Configure qmail.

cd /var/qmail/control
hostname >me
cp me locals
echo YOUR.IP.ADDR.HERE >>locals
cp locals rcpthosts

cd /var/qmail/alias
echo YOUR@EMAIL.ADDRESS >.qmail-root
cp .qmail-{root,mailer-daemon}
cp .qmail-{root,postmaster}
cp .qmail-{root,hostmaster}
cp .qmail-{root,abuse}
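A check on the control files just written, as an added example that is not part of the original guide. Two things in that directory decide whether the server relays safely: rcpthosts must exist (without it qmail-smtpd accepts mail for any domain, i.e. it is an open relay), and every domain in locals must also appear in rcpthosts, or qmail-smtpd refuses mail for it even though qmail-send would deliver it locally. The function takes the control directory as its argument (/var/qmail/control on a real box; a temporary copy is used in the test) and prints each problem it finds.

```shell
#!/bin/sh
# Added example, not from the original guide: sanity-check qmail control files
# before turning on qmail-smtpd. $1 = control directory.
qmail_control_check() {
    dir=$1 rc=0
    for f in me locals rcpthosts; do
        [ -r "$dir/$f" ] || { echo "missing $dir/$f"; rc=1; }
    done
    # No rcpthosts at all is the dangerous case: qmail-smtpd would relay for anyone.
    [ -r "$dir/rcpthosts" ] || echo "  -> without rcpthosts qmail-smtpd accepts mail for any domain"
    [ $rc -eq 0 ] || return $rc

    # The guide copies me into locals; catch a later hand edit that dropped it.
    me=$(cat "$dir/me")
    grep -qxF "$me" "$dir/locals" ||
        { echo "me ($me) is not listed in locals"; rc=1; }

    # Every local domain must also be accepted by qmail-smtpd.
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        grep -qxF "$host" "$dir/rcpthosts" ||
            { echo "locals entry $host is not in rcpthosts"; rc=1; }
    done < "$dir/locals"
    return $rc
}
```

Run it as `qmail_control_check /var/qmail/control` after the cp commands above and again after any later edit to locals; an empty output and a zero exit status mean the three files agree.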

Download and install checkpassword.

cd /usr/local/src
wget http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz
tar xzf checkpassword-0.90.tar.gz
cd checkpassword-0.90
make
make setup check

(or use the author’s installation guide)

Download and install cmd5checkpw.

cd /usr/local/src
wget http://members.elysium.pl/brush/cmd5checkpw/dist/cmd5checkpw-0.22.tar.gz
tar xzf cmd5checkpw-0.22.tar.gz
cd cmd5checkpw-0.22
make
vi Makefile
## (change /usr/man/man8 to /usr/share/man/man8)
make install

Download and install daemontools.

wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
tar xzf daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install

svscan should be running now. pstree should show something like this.

|-svscanboot-+-readproctitle
|            `-svscan

Add to /etc/profile:

if ! echo $PATH | /bin/grep -q "/command" ; then
PATH="/command:$PATH"
fi

Create /var/service and set up a service directory for qmail-send.

mkdir -p /var/service/qmail-send
cd /var/service/qmail-send
mkdir log log/main
chown qmaill log/main
chmod g+s log/main
chmod +t .
cat <<'EOF' >run
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" qmail-start ./Maildir/ 2>&1
EOF
cat <<'EOF' >log/run
#!/bin/sh
exec env - PATH="/command" setuidgid qmaill multilog t s999999 ./main
EOF
chmod +x run log/run

Turn on the supervised qmail service.

ln -s /var/service/qmail-send /service/

Wait a few seconds. qmail-send should be running now. pstree should show something like this.

|-svscanboot-+-readproctitle
|            `-svscan-+-supervise---qmail-send-+-qmail-clean
|                     |                        |-qmail-lspawn
|                     |                        `-qmail-rspawn
|                     `-supervise---multilog

Download and install ucspi-tcp.

cd /usr/local/src
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
tar xzf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
make setup check

Set up a qmail-smtpd service on port 2525 for testing. Allow relaying to any domain from 127.0.0.1 and 192.168.202.0/24.

cd /var/service
mkdir qmail-smtpd
cd qmail-smtpd
mkdir log log/main
chown qmaill log/main
chmod g+s log/main
chmod +t .
cat <<'EOF' >run
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" \
envuidgid qmaild \
tcpserver -U -vR -l 0 -x rules.cdb 0 2525 \
rblsmtpd -a antirbl.tomclegg.net \
-r relays.ordb.org \
-r bl.spamcop.net \
qmail-smtpd `cat /var/qmail/control/me` cmd5checkpw true \
2>&1
EOF

The trailing backslashes continue one long command line; keep them. Also confirm that every DNSBL you list is still in service before you deploy: relays.ordb.org shut down years ago, and a defunct list that answers every query positively (as ordb.org did for a while after closing) makes rblsmtpd reject all incoming mail.

cat <<'EOF' >rules
192.168.202.:allow,RELAYCLIENT="",RBLSMTPD=""
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
:allow
EOF
tcprules rules.cdb rules.tmp <rules

cat <<'EOF' >log/run
#!/bin/sh
exec env - PATH=/command setuidgid qmaill multilog t ./main
EOF
chmod +x run log/run

Start the qmail-smtpd service.

ln -s /var/service/qmail-smtpd /service/

Set up a qmail-pop3d service on port 25110 for testing. Note that POP3 as configured here carries usernames and passwords in the clear, so restrict who can reach it (a tcpserver -x rules file, as for SMTP) until you put TLS in front of it.

cd /var/service
mkdir qmail-pop3d
cd qmail-pop3d
mkdir log log/main
chown qmaill log/main
chmod g+s log/main
chmod +t .
cat <<'EOF' >run
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" \
tcpserver -vR -l 0 \
0 25110 \
qmail-popup "`cat /var/qmail/control/me`" \
checkpassword qmail-pop3d Maildir \
2>&1
EOF

cat <<'EOF' >log/run
#!/bin/sh
exec env - PATH=/command setuidgid qmaill multilog t ./main
EOF
chmod +x run log/run

Start the qmail-pop3d service.

ln -s /var/service/qmail-pop3d /service/

Create a Maildir for each user.

cd /home &&
for user in *
do
su -l "$user" -c "/var/qmail/bin/maildirmake Maildir"
ls -ld "$user"/Maildir
done

Create a Maildir in /etc/skel.

/var/qmail/bin/maildirmake /etc/skel/Maildir

Switching mail service from sendmail to qmail

Translate /home/*/.forward to /home/*/.qmail (details omitted).

Translate /etc/mail/virtusertable to /var/qmail/alias/.qmail-* and /var/qmail/control/virtualdomains (details omitted).

Test local delivery using “telnet localhost 2525”

Test remote delivery using “telnet localhost 2525”

Test relay control using “telnet YOUR.IP.ADDR.HERE 2525” from somewhere else. You should be able to connect, but mail to test@example.com should be refused.

Test pop using “telnet localhost 25110”

Replace /usr/sbin/sendmail with a symlink to /var/qmail/bin/sendmail

cd /usr/sbin
mv -i sendmail sendmail~
ln -s /var/qmail/bin/sendmail

Turn off pop3 service in /etc/xinetd.d/ipop3 and kick xinetd.

perl -pi~ -e 's,^},\tdisable = yes\n},' /etc/xinetd.d/ipop3
killall -USR1 xinetd

Make sure sendmail won’t start at boot time any more.

# /sbin/chkconfig sendmail off
# /sbin/chkconfig --level 2 sendmail off
# /sbin/chkconfig --list sendmail
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off

Stop sendmail.

killall sendmail

Change port 2525 to port 25 in /service/qmail-smtpd/run, change port 25110 to port 110 in /service/qmail-pop3d/run, and restart qmail-smtpd.

svc -t /service/qmail-smtpd /service/qmail-pop3d

Convert /var/spool/mail/* to /home/*/Maildir/ (details omitted).

If you use pine, change the inbox-path in your ~/.pinerc file:

inbox-path={localhost/pop3}INBOX

Setup SHOUTcast server on Linux

This article explains step by step on how to setup and configure a SHOUTcast server on Linux. This will be a great article for B2Net clients who chose not to use our easySHOUT Shoutcast Control Panel.

First of all, you will need to SSH to the server where you want to setup your SHOUTcast server. You can do this by using an SSH client such as Putty.

1) Once logged in, download the latest Linux SHOUTcast server files; we'll use wget to fetch them straight to the server...

For Linux:
wget http://yp.shoutcast.com/downloads/sc1-9-8/sc_serv_1.9.8_Linux.tar.gz
For FreeBSD 5.x:
wget http://yp.shoutcast.com/downloads/sc1-9-8/sc_serv_1.9.8_FreeBSD5.tar.gz
For FreeBSD 4.x:
wget http://yp.shoutcast.com/downloads/sc1-9-8/sc_serv_1.9.8_FreeBSD4.tar.gz

2) Next you will need to untar the files…

tar -zxvf sc_serv_1.9.8_Linux.tar.gz

3) After you have untarred, there will be a folder called “sc_serv_1.9.8_Linux,” let’s rename it to “shoutcast”

mv sc_serv_1.9.8_Linux shoutcast

4) We won’t need the file you downloaded anymore, so let’s get rid of that…

rm sc_serv_1.9.8_Linux.tar.gz

5) Now you could either FTP into the server and configure sc_serv.conf or use shell editor (pico or nano) depending on which editor is installed on the server…

pico sc_serv.conf
or
nano sc_serv.conf

6) Now we need to edit the configuration file. I can’t really tell you what to configure in the file because it really depends on how you want it setup, but the main things you need to change are…

maxuser
password
port

remove the ; in front of adminpassword and set a password (a line that still starts with ; is a comment, so the admin password stays unset until you do)

7) Now save the configuration file and close it…

ctrl-x to save and exit the editor

8) Now that we’re done with the configuration, you can start the server!

./sc_serv sc_serv.conf
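A pre-flight check for the configuration edited in step 6, as an added example that is not part of the original post. The key names it looks for (Password, AdminPassword, PortBase, MaxUser) are the stock sc_serv.conf spellings for the settings the post calls password, adminpassword, port and maxuser; the checks themselves are this example's. It treats lines starting with ; as comments, so an AdminPassword that was never uncommented counts as unset, and it refuses a config where the DJ (source) password and the admin password are the same, since then anyone who can stream can also administer the server.

```shell
#!/bin/sh
# Added example, not from the original post: lint an sc_serv.conf before
# starting sc_serv. Key names are the stock spellings (assumed).

# Print the value of a key, ignoring case and ";"-commented lines.
# $1 = config file, $2 = key name.
sc_get() {
    awk -F= -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*;/ { next }
        NF >= 2 {
            key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (tolower(key) == want) { sub(/^[^=]*=/, ""); print; exit }
        }' "$1"
}

# Report problems with the config; return 1 if any were found. $1 = config file.
sc_conf_check() {
    rc=0
    pw=$(sc_get "$1" Password)
    apw=$(sc_get "$1" AdminPassword)
    port=$(sc_get "$1" PortBase)
    case $pw in
        ''|changeme) echo "Password is empty or a placeholder: anyone could stream to this server"; rc=1 ;;
    esac
    [ -n "$apw" ] || { echo "AdminPassword is unset or still commented out with ;"; rc=1; }
    if [ -n "$pw" ] && [ "$pw" = "$apw" ]; then
        echo "AdminPassword equals Password: the DJ password would also grant admin access"; rc=1
    fi
    case $port in
        ''|*[!0-9]*) echo "PortBase is missing or not numeric"; rc=1 ;;
    esac
    return $rc
}
```

Run `sc_conf_check sc_serv.conf` from the shoutcast directory; start the server only when it prints nothing and exits 0.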

If you need help or information on how to stream music (DJ) to your server, check out our blog at <insert link here when it’s published.>

If you have any other questions, feel free to email support@b2netsolutions.com or use our Live Chat feature on the website!

How to install and setup psyBNC

This article explains step by step on how to download, install and setup psyBNC.

1. Login to your shell using SSH, you should have already received your login information.

2. Download psyBNC, type this in your ssh terminal:

wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz

3. The next step is to extract the psyBNC archive we just downloaded:

tar -zxvf psyBNC-2.3.2-7.tar.gz

4. Now we need to change to the new psybnc directory:

cd psybnc

5. Now it gets a little harder: psyBNC includes a menu-driven configuration tool for setting up the bnc. To configure everything with it, run:

make menuconfig

6. If you got the menu, configure all the settings to your liking. Make sure Compiling Options is highlighted and then press enter. [X] means the option is selected and [  ] means it is not; if something is selected that you do not want enabled, move to that line with the arrow keys and hit space. If something you do want enabled is not selected, do the same thing: move to it and hit space. After you're done with that part, exit the menu by hitting the left arrow key and pressing enter. Now press the down arrow key to highlight Bouncer Config; it takes you into another menu where you need to edit everything to your liking. Be sure to add a new user, configure the port you would like the bnc to run on, and any other options you might want to customize. After you're done with everything, exit all the menus.

7.  After you have exited all the menus, it should have compiled everything.  You can now type:

./psybnc

Your bnc is now configured and running!

For help on how to use your psyBNC, please check out our topic on “Using your psyBNC”. 
If you have any issues, email support@b2netsolutions.com