Admin Life Errors, Fixes, and Encounters

7 Jun 2010

setup domainkeys with postfix and freebsd on a jail

How to set up DomainKeys for Yahoo on FreeBSD 7.3 (I'm sure it works with older versions of FreeBSD) with Postfix 2.7. This may seem long, but it works, and it's not that long of a process.

First, install and configure Postfix. This is a very basic setup; I'll have a more advanced Postfix install in the near future.

cd /usr/ports/mail/postfix
make install clean
cd /etc
ln -s /usr/local/etc/postfix postfix
cd /etc/postfix
vi main.cf

// change the following
/////////////////////////////////////
myhostname = mail1.domain.com
mydomain = mail1.domain.com
myorigin = $mydomain
inet_interfaces = 56.56.56.56
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 56.56.56.56,127.0.0.1

install dkfilters

cd /usr/ports/mail/dkfilter
make install clean

//Setting up the outbound filter
/////////////////////////////

Generate a private/public key pair using OpenSSL:

cd /usr/local/etc/
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key

Start up dkfilters. Don't forget to change the IP 56.56.56.56 to your own IP.

/usr/local/bin/dkfilter.out --keyfile=/usr/local/etc/private.key --selector=selector1 --domain=mail1.domain.com --method=nofws 56.56.56.56:10027 56.56.56.56:10028 &

add to master.cf, 2nd line if a jail server

############################################
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
#-o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[56.56.56.56]:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime
56.56.56.56:10028 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
# mynetworks must cover the address dkfilter connects from
  -o mynetworks=67.213.69.0/24
  -o smtpd_authorized_xforward_hosts=56.56.56.0/24

I got this error in the /var/log/maillog
postfix/local[11933]: fatal: open database /etc/aliases.db: No such file or directory
// to fix it...

cd /etc
newaliases

# change resolv.conf if you haven't done so yet...
# update hosts with correct IPs of machine

// restart postfix

/usr/local/sbin/postfix stop
/usr/local/sbin/postfix start

May 31 22:00:22 mail1 postfix/postfix-script[12148]: stopping the Postfix mail system
May 31 22:00:22 mail1 postfix/master[12023]: terminating on signal 15
May 31 22:00:25 mail1 postfix/postfix-script[12224]: starting the Postfix mail system
May 31 22:00:25 mail1 postfix/master[12225]: daemon started -- version 2.7.0, configuration /usr/local/etc/postfix

Didn't work with Yahoo; I got this error:
domainkeys=permerror (no key);
FIX: in my DNS I added (in GoDaddy):

host: selector1._domainkey.mail1
TXT value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIshG7shxiCH280IycLOzF3cSTBE27rGypfK3SWiE37A9Z9OR7GDApCFBFfLWyQKaDPA+e4+mPvAVizOfn6Zj8FnuOL+BrOYUJJG/PbCT4t+V5Aagi/l7Z6VXfoKbzYcESNVPntROEzUZLyWXWYzI2qbgjWi2RxQVoRxl3uWXihQIDAQAB; t=y
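To check a "no key" result on your own side, the helper below builds the TXT value from public.key and compares it with the record DNS actually returns. It is an added example, not part of the original post; the function names are made up for illustration, and it assumes the PEM file written by the openssl commands above.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Base64 body of a PEM public key: drop the BEGIN/END lines, join the rest.
pem_body() {
    grep -v '^-----' "$1" | tr -d ' \r\n'
}

# TXT value to publish at <selector>._domainkey.<domain>.
# $1 = PEM public key file, $2 = "y" to add t=y (testing mode) as in the post.
dk_txt_value() {
    if [ "$2" = "y" ]; then
        printf 'k=rsa; p=%s; t=y' "$(pem_body "$1")"
    else
        printf 'k=rsa; p=%s' "$(pem_body "$1")"
    fi
}

# Extract the p= tag from a TXT answer. Resolvers print long records as
# several quoted chunks, so strip quotes and whitespace before parsing.
txt_p_tag() {
    printf '%s' "$1" | tr -d '" \t\r\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Return 0 only when the published record carries the same key as the PEM
# file. An empty p= (revoked or truncated record) counts as a mismatch.
# $1 = TXT string copied from the DNS answer, $2 = PEM public key file.
dk_key_matches() {
    published=$(txt_p_tag "$1")
    [ -n "$published" ] && [ "$published" = "$(pem_body "$2")" ]
}

# Usage (paths and selector as in the post):
#   dk_txt_value /usr/local/etc/public.key y
#   dk_key_matches '"k=rsa; p=..." "...; t=y"' /usr/local/etc/public.key
```

A mismatch here usually means the record was pasted with the PEM header lines, was cut off by the DNS control panel, or belongs to an older key pair.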

error after installing postfix and trying to start it up...

Jun 1 14:32:14 mail1 postfix/postfix-script[60663]: starting the Postfix mail system
// Jun 1 14:32:14 mail1 postfix/master[60664]: fatal: bind 56.56.56.56 port 25: Address already in use

vi /etc/rc.conf
add sendmail_enable="NO"

restart jail or machine

error with SPF
check to see if it can find a value for your spf

nslookup -type=TXT domain.com

For a sub domain

nslookup -type=TXT mail1.domain.com

Stay tuned for a more up-to-date version in the next week or two.

Comments
  1. Thank for this great post, i like what you read.

  2. very good information you write it very clean. I’m very lucky to get this info from you.

  3. Genial fill someone in on and this enter helped me alot in my college assignement. Thank you as your information.

