The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DKIM Support Added To Nodes Successfully - 11.28.52-RELEASE_50725

Discussion in 'General Discussion' started by nwtg, Dec 25, 2010.

  1. nwtg

    nwtg Active Member

    Joined:
    Dec 24, 2010
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Portland, Oregon
    cPanel Access Level:
    Root Administrator
    Hi.

    I'm usually helping people at WHT, but thought I would share this here as well.

    I'm honestly not sure if this is old news by now, but I've been reading up here, especially This DKIM thread.

    I've put together a workaround process to support DKIM signatures. It has worked in QA, and I just moved it to the production nodes today. I am running 11.28.52-RELEASE_50725.

    Involves a bit of manual zone tweaking, a few unexpected tricks in cPanel "Email Authentication" and some tedious time spent in exim.conf, exim.conf.localopts and verifying your MAILHELO and /etc/mail_reverse_dns. The only downside is that you have to give up DomainKeys Signatures if you want support for DKIM.

    Code:
    2010-12-24 16:14:43 H=localhost.localdomain (webmail.nwtechgroup.com) [127.0.0.1] Warning: Sender rate 23.0 / 1h
    
    2010-12-24 16:14:44 1PWHmV-0001L9-UI <= [email]john@nwtechgroup.com[/email] H=localhost.localdomain (webmail.nwtechgroup.com) [127.0.0.1] P=esmtpa A=dovecot_login:john@nwtechgroup.com S=1206 id=b1eacef86e96334e4c505a8d303a6d5c.squirrel@webmail.nwtechgroup.com
    
    [b]2010-12-24 16:14:44 1PWHmV-0001L9-UI Message signed with DKIM: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=nwtechgroup.com; s=default; h=Message-ID: Date: Subject:From:To: [/b]
            Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
            bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=; b=NNpIAwZgPcYrL
            oyV6cWD4UBZuFpjVg+rekMFxUJwx7e/5XfReZ2ah1OrghDJdUJ/ECyjuKrgFbz7v
            OfKWy/JPZabVfTpKcFg6YBIcT/tHVwGxKkM82VYo21R+Yzb23LPRKuwGeLyA3DEs
            VxTC0nZqUFCMlmH2xnqEYN5pyy6dFI=
    
    2010-12-24 16:14:44 1PWHmV-0001L9-UI => [email]ntgtest@www.brandonchecketts.com[/email] R=lookuphost T=remote_smtp H=www.brandonchecketts.com [207.210.219.125]
    2010-12-24 16:14:44 1PWHmV-0001L9-UI Completed

    Code:
    Thank you for using the verifier,
    
    The Port25 Solutions, Inc. team
    
    ==========================================================
    Summary of Results
    ==========================================================
    SPF check:          pass
    DomainKeys check:   neutral
    DKIM check:         pass
    Sender-ID check:    pass
    SpamAssassin check: ham
    
    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result:         pass (matches From: john@nwtechgroup.com)
    ID(s) verified: header.d=nwtechgroup.com
    Canonicalized Headers:
        message-id:<3c9895b21ab83028e7ecb77bb86af47a.squirrel@webmail.nwtechgroup.com>'0D''0A'
        date:Fri,'20'24'20'Dec'20'2010'20'16:13:05'20'-0800'0D''0A'
        subject:'0D''0A'
        from:"N.W.'20'Technology'20'Group"'20'<john@nwtechgroup.com>'0D''0A'
        to:check-auth@verifier.port25.com'0D''0A'
        reply-to:john@nwtechgroup.com'0D''0A'
        mime-version:1.0'0D''0A'
        content-type:text/plain;charset=iso-8859-1'0D''0A'
        content-transfer-encoding:8bit'0D''0A'
     [b]   dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=nwtechgroup.com;'20's=default;'20'h=Message-ID:Date:Subject:From:To:'20'Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=;'20'b=[/b]
    
    
    
    
    
    
    Some adjustments to /etc/exim.conf:
    Code:
    remote_smtp:
      driver = smtp
      dkim_selector = default
      dkim_canon = relaxed
      dkim_private_key = /usr/local/cpanel/etc/exim/dkim.key
      dkim_domain = nwtechgroup.com
      interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
      helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
    I haven't had the time to go through ALL of the threads, so there may be a better workaround for this, I'm not sure. BUT, I'm now running this on three production environments, and Yahoo and the other freebies don't seem to be treating my clients' emails as SPAM anymore.

    If this is of interest to anyone who would like to try it, just kick me an email. If this is of interest to enough people I will post a step-by-step. I am not employed by cPanel, I accept no responsibility for the outcome, yadda-yadda-yadda, so back up all your files before changing anything.

    And, if this or something similar has been done already, great at least I was able to do it without any documentation or outside help. :)
     
  2. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Thanx for this post, I'm going to set it up on 2 problematic servers and see if it helps with the Yahoo blockage at all.

    Would you say DKIM works better than DomainKeys?
     
Loading...

Share This Page