How to enable DomainKeys with latest exim builds?

**norelidd** · 05-03-2007 09:05 PM

According to this: http://bugzilla.cpanel.net/show_bug.cgi?id=4099 , DomainKeys support in exim has been in EDGE builds since around 4/10/2007.

The question is, how do we enable, configure, and use this on our servers? Many people are having the problem of mail to DomainKeys-enabled servers being sent directly to the spambox. Such is the case on Yahoo at least, and surely other mailhosts are being more aggressive soon.

A test email from my EDGE 11.3 cpanel server to an account at yahoo mail displays as such at yahoo (after being fished out of the spambox)

Code:

<snip>
Authentication-Results: mta361.mail.re4.yahoo.com  from=citronix.net; domainkeys=neutral (no sig)
<snip>

we see there that there is no domainkeys signature by default. So how do we get this working?

**msti** · 05-15-2007 03:04 AM

Did you find any solution to this?

**norelidd** · 05-30-2007 03:23 AM

nope, no luck so far. I would love for someone from cpanel to illuminate the path for us

**chirpy** · 05-30-2007 10:14 AM

I haven't played with it myself, but the Exim Wiki page for DomainKeys is here:
http://www.exim.org/eximwiki/DomainKeys

Note that page does say that the support for it is "Experimental". You'll have to look around the DomainKeys site to find out how to implement it for outgoing email, incoming is explained clearly enough it seems in the wiki.

**MaraBlue** · 05-30-2007 11:50 AM

Originally Posted by chirpy

I haven't played with it myself, but the Exim Wiki page for DomainKeys is here:
http://www.exim.org/eximwiki/DomainKeys

Note that page does say that the support for it is "Experimental". You'll have to look around the DomainKeys site to find out how to implement it for outgoing email, incoming is explained clearly enough it seems in the wiki.

That wiki talks about adding libraries to the Makefile, etc...which shouldn't be necessary if support is built into cPanel. If this is a feature cPanel has incorporated into cPanel/WHM, I think they should document it somewhere

**cpanelnick** · 05-30-2007 12:24 PM

Originally Posted by MaraBlue

That wiki talks about adding libraries to the Makefile, etc...which shouldn't be necessary if support is built into cPanel. If this is a feature cPanel has incorporated into cPanel/WHM, I think they should document it somewhere

There are still memory leaks in the domain keys code because of openssl bugs.

We should be able to start using it once more people have ditched rh9.

**MaraBlue** · 05-30-2007 12:37 PM

Originally Posted by cpanelnick

There are still memory leaks in the domain keys code because of openssl bugs.

We should be able to start using it once more people have ditched rh9.

Well BLAST those RH9 peeps!

This is good to know, though I'm not happy to hear about OpenSSL bugs (I had no idea). Just yesterday I was going through my list of installed software and noticed OpenSSL is kind of old, but I also made a note "do not update outside of cPanel", so I don't/didn't.

Is there a plan to move away from OpenSSL to something else, or upgrade it, or?

**cpanelnick** · 05-30-2007 12:40 PM

Originally Posted by MaraBlue

Well BLAST those RH9 peeps!

This is good to know, though I'm not happy to hear about OpenSSL bugs (I had no idea). Just yesterday I was going through my list of installed software and noticed OpenSSL is kind of old, but I also made a note "do not update outside of cPanel", so I don't/didn't.

Is there a plan to move away from OpenSSL to something else, or upgrade it, or?

The memory leaks are only in the older versions. (ie rh9 land)

**MaraBlue** · 05-30-2007 12:44 PM

Originally Posted by cpanelnick

The memory leaks are only in the older versions. (ie rh9 land)

So 0.9.7a is cool?

**jdlightsey** · 05-30-2007 01:14 PM

The two OpenSSL memory cleanup functions that were a problem are EVP_MD_CTX_cleanup() and CRYPTO_cleanup_all_ex_data() introduced in the first release of OpenSSL 0.9.7. The domainkeys library assumes they're available and uses them.

On older distros with OpenSSL 0.9.6, domainkeys will leak a tiny amount of memory where those functions would have been called. If your distro shipped with any version of 0.9.7, it shouldn't be an issue.

**MaraBlue** · 05-30-2007 01:16 PM

Originally Posted by jdlightsey

The two OpenSSL memory cleanup functions that were a problem are EVP_MD_CTX_cleanup() and CRYPTO_cleanup_all_ex_data() introduced in the first release of OpenSSL 0.9.7. The domainkeys library assumes they're available and uses them.

On older distros with OpenSSL 0.9.6, domainkeys will leak a tiny amount of memory where those functions would have been called. If your distro shipped with any version of 0.9.7, it shouldn't be an issue.

Awesome, thanks for the reply.

**norelidd** · 06-02-2007 02:41 AM

Ok, so for those of use who are not affected by these bugs... how do we enable/setup domainkeys?

**JBenedetti** · 06-03-2007 01:24 PM

I've been having serious problems with Yahoo greylisting my server and am another who is eager to enable DK. So, for those of us with OpenSSL/0.9.7a is the procedure simply that shown at http://www.exim.org/eximwiki/DomainKeys ? Or is there going to be something rolled into WHM 11 once the second stage of their update rolls out this month? I'm running a CURRENT release at the moment, which has phase 1 of the WHM 11 upgrade running.