sendmail
sendmail, milters and DomainKeys
I decided to give DomainKeys a test on my ogre.com domain the other day. My system is a pretty generic sendmail installation (8.13.1), with a few milters ("mail filters") running already. In particular, I use MIMEdefang, which likes to append a new X-Scanned-By header to all messages.
This does not work well with DomainKeys, since it expects no header changes after it calculates the signature. I could either get it to work for all my outgoing mail (the DK filter last in the milter chain), or for all incoming mail (the DK filter first). But no matter what, with a single milter chain it can't function properly for both cases.
Instead, I ended up creating a second sendmail configuration (and process) instance. This wasn't terribly difficult, but I'll describe the steps I had to take.
1. Install sendmail 8.13 (or later), and the dk-filter milter, and follow all the instructions for setting up your DomainKey system. I added the following to my DNS server:
ogre._domainkey IN TXT "g=; k=rsa; t=y; p= ... <excluded, use DNS>
_domainkey IN TXT "t=y; o=~; n=contact leif@ogre.com;"
2. First I fixed my existing sendmail.cf (the .mc file) by making sure it did not bind the MSA port (587), and that it runs the DK filter first (before any other milters):
FEATURE(no_default_msa)dnl
INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/spool/dk.socket')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/md.sock, T=S:1m;R:1m')dnl
3. Next I created a second configuration, which I call sendmail-msa.cf (and .mc); it is nearly identical to my original configuration. The only changes are:
define(`QUEUE_DIR', `/var/spool/mqueue-msa')dnl
DAEMON_OPTIONS(`Port=587, Name=MTA, M=Ea')dnl
FEATURE(no_default_msa)dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/md.sock, T=S:1m;R:1m')dnl
INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/spool/dk.socket')dnl
You have to make sure you run the dk-filter last, so that no other milters can change or add any mail headers after the DK signature has been generated.
4. Finally, I start up a second instance of sendmail, using the new configuration:
/usr/sbin/sendmail -bd -C /etc/mail/sendmail-msa.cf -q1h
And that's it!
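A check for the ordering rule in steps 2 and 3, as an added example that is not part of the original post: it reads the INPUT_MAIL_FILTER lines of an .mc file and confirms dk-filter is first in the inbound chain and last in the MSA chain. The function names and the sample file contents are constructed for illustration, and it assumes the filter order is not overridden with confINPUT_MAIL_FILTERS.

```shell
#!/bin/sh
# Assumption: filters are ordered only by INPUT_MAIL_FILTER lines in the .mc
# file (no confINPUT_MAIL_FILTERS override). Function names are hypothetical.

# Print milter names in declaration order, ignoring lines disabled with "dnl".
milter_order() {
    sed -n "/^[[:space:]]*dnl/d; s/^[[:space:]]*INPUT_MAIL_FILTER(\`\([^']*\)'.*/\1/p" "$1"
}

# Succeed only if dk-filter is at the wanted end ("first" or "last") of the chain.
check_dk_position() {
    file=$1; want=$2
    order=$(milter_order "$file")
    [ -n "$order" ] || { echo "$file: no INPUT_MAIL_FILTER lines" >&2; return 2; }
    case $want in
        first) actual=$(printf '%s\n' "$order" | head -n 1) ;;
        last)  actual=$(printf '%s\n' "$order" | tail -n 1) ;;
        *)     echo "usage: check_dk_position FILE first|last" >&2; return 2 ;;
    esac
    if [ "$actual" = "dk-filter" ]; then
        echo "$file: OK, dk-filter runs $want"
    else
        echo "$file: FAIL, $actual runs $want, not dk-filter" >&2
        return 1
    fi
}

# Constructed sample files mirroring the two configurations in this post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/mta.mc" <<'EOF'
FEATURE(no_default_msa)dnl
INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/spool/dk.socket')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/md.sock, T=S:1m;R:1m')dnl
EOF
cat > "$demo_dir/msa.mc" <<'EOF'
DAEMON_OPTIONS(`Port=587, Name=MTA, M=Ea')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/md.sock, T=S:1m;R:1m')dnl
INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/spool/dk.socket')dnl
EOF

check_dk_position "$demo_dir/mta.mc" first   # inbound: verify before headers change
check_dk_position "$demo_dir/msa.mc" last    # outbound: sign after headers change
rm -rf "$demo_dir"
```

On a live system, run check_dk_position against the .mc file behind each sendmail instance after every configuration change, before regenerating the .cf files.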