I literally just did DKIM last week. And the way I did it didn't touch qpsmtpd; instead it's a couple helper scripts that feed qmail-remote, and messages are signed as they're being sent out. The instructions I followed didn't exactly fit my setup but it only really took a couple edits to get things working. I'm pretty sure it was helpful that I have a real cert signed by a CA rather than self-signed, but maybe it doesn't matter(?)

At the same time I added TLS to qmail-remote so I now transmit email encrypted. Separately I activated the TLS plugin on qpsmtpd (mine is 0.95) so incoming mail can be encrypted too. I have a second instance of qpsmtpd for auth that has been using stunnel3 for encryption for years. Both QPs feed the same qmail instance.

The DKIM instructions I used:
https://beingasysadmin.wordpress.com/2013/04/30/dkim-signing-in-qmail/

You will probably have to compile libdomainkeys to get the dktest binary because it's not usually included in distro packages. (Or maybe it's in the -devel pkg and I forgot to look?) I used opendkim-genkey from distro packages to make my dkim keys, rather than whatever the instructions said, just cuz I had it.

You will need to grab
http://www.memoryhole.net/qmail/dkimsign.pl
and
http://www.memoryhole.net/qmail/qmail-remote.sh

Qmail TLS patch was from http://inoa.net/qmail-tls/

Hope this gives you a start.

-frank

P.S. If you're using tcpserver you should be able to add your subnet to your tcp.cdb with a tag to tell QP it's ok. Something like:
172.22.:allow,RELAYCLIENT=""

On Sun, 5 Feb 2017, Kjetil Kjernsmo wrote:

Date: Sun, 05 Feb 2017 23:35:06 +0100
From: Kjetil Kjernsmo <kje...@kjernsmo.net>
To: qpsmtpd@perl.org
Subject: Auth on outgoing and dkim signing

Hi all!

I finally have to get my outgoing SMTP working, and I have to DKIM-sign
them. So, I need to get auth working; the last time I tried, in 2009, I
simply couldn't get it working... That's a long time ago though :-)

But before I start, I still have 0.84, since the box is Debian Jessie.
Does the dkim plugin depend on a more recent version?

Secondly, I would like to just accept all email unauthenticated from my
LAN, can I configure qpsmtpd to let anything from 172.22.0.0/16 go through?

Kjetil
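
Added example, not part of the thread: a small Python model of how tcpserver picks a tcp.cdb rule for a client IP, to check that a LAN relay rule like the one in the P.S. covers 172.22.0.0/16 and nothing else. The function names and the sample rule files are constructed for illustration; only the IP-based part of the tcprules lookup is modelled.

```python
# Added illustration (not from the thread). Models only the IP part of the
# tcprules lookup: exact address, then shorter prefixes ending in a dot, then
# the empty catch-all. Hostname/ident rules and address ranges are left out.

# Constructed sample rule files.
WITH_DOT = '127.:allow,RELAYCLIENT=""\n172.22.:allow,RELAYCLIENT=""\n:allow\n'
NO_DOT = '127.:allow,RELAYCLIENT=""\n172.22:allow,RELAYCLIENT=""\n:allow\n'


def parse_rules(text):
    """Parse 'address:verdict[,VAR="value"...]' lines (no commas in values)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, action = line.partition(":")
        verdict, *assignments = action.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[address] = (verdict, env)
    return rules


def lookup_keys(ip):
    """Keys tried for a client IP, most specific first."""
    parts = ip.split(".")
    prefixes = [".".join(parts[:n]) + "." for n in range(len(parts) - 1, 0, -1)]
    return [ip] + prefixes + [""]


def relay_allowed(rules, ip):
    """True if the first matching rule allows the client and sets RELAYCLIENT."""
    for key in lookup_keys(ip):
        if key in rules:
            verdict, env = rules[key]
            return verdict == "allow" and "RELAYCLIENT" in env
    return False  # no rule matched, so nothing set RELAYCLIENT


if __name__ == "__main__":
    for name, text in (("172.22.", WITH_DOT), ("172.22", NO_DOT)):
        rules = parse_rules(text)
        for ip in ("172.22.5.9", "172.220.1.1", "203.0.113.7", "127.0.0.1"):
            print(f"rule {name!r:10} client {ip:12} relay={relay_allowed(rules, ip)}")
```

A prefix rule only matches when it ends in a dot, so the key 172.22 is treated as a complete address and never matches a LAN client. On a real system the compiled file can be checked with tcprulescheck from ucspi-tcp.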
