Tuesday, December 11, 2012

Postfix + DKIM setup



Installation

1) Get the rpmforge repo and install it.

# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# yum install opendkim postfix

2) stop sendmail and remove it from auto start.
# /etc/init.d/sendmail stop
# chkconfig sendmail off

3) add postfix and opendkim to the autostart pool
# chkconfig postfix on
# chkconfig opendkim on

4) configure postfix.
# vi /etc/postfix/main.cf

Configuration options: change the following, or comment out the existing lines and add these (myhostname is your server hostname).
myhostname = server.yourdomainname.com
mydomain = yourdomainname.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

Add the following for DKIM in postfix main.cf
smtpd_milters = inet:localhost:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol   = 2

5) configure Opendkim


Configuration files of OpenDKIM

1. /etc/opendkim.conf – OpenDKIM’s main configuration file
2. /etc/opendkim/KeyTable – a list of keys available for signing
3. /etc/opendkim/SigningTable – a list of domains and accounts allowed to sign
4. /etc/init.d/opendkim — Service start up file.
# vi /etc/opendkim.conf

Configuration options:

PidFile /var/run/opendkim/opendkim.pid
Mode    sv
Canonicalization        relaxed/simple
Syslog  yes
SyslogSuccess   yes
LogWhy  yes
UserID  opendkim:opendkim
Socket  inet:8891@localhost
Umask   002
Selector        default
KeyTable        refile:/etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

# cd /etc/opendkim

We will create the public and private keys now.

# cd keys
# mkdir yourdomainname.com; cd yourdomainname.com
# opendkim-genkey -d yourdomainname.com -s default

Here -d denotes your domain and -s is for the selector.
# chown -R opendkim:opendkim ../yourdomainname.com

# cd /etc/opendkim
# vi KeyTable

default._domainkey.yourdomainname.com yourdomainname.com:default:/etc/opendkim/keys/yourdomainname.com/default.private

# vi SigningTable
*@yourdomainname.com default._domainkey.yourdomainname.com

# vi TrustedHosts
127.0.0.1
localhost
server.yourdomainname.com
yourdomainname.com

Note: ensure that localhost is mentioned in the TrustedHosts file.

Now we are ready to test this. Start opendkim first and then postfix.
# /etc/init.d/opendkim start
# /etc/init.d/postfix start

Ensure that OpenDKIM has written its startup line to the mail log file. This is the only file where you can see any OpenDKIM errors.
# tail -f /var/log/maillog

Sep 20 09:43:50 server opendkim[8535]: OpenDKIM Filter v2.5.2 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)


Add the DNS record to your domain. You can get the public DNS record from the following file. It is a TXT record.
# cat /etc/opendkim/keys/yourdomainname.com/default.txt

Make sure to add a "k" ahead of ";=rsa;". By default the record is generated without the k; after the change the DNS record will contain ";k=rsa;".
default._domainkey IN TXT "v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJmb2F+hGx+/1Y4dadbsTzg/thhJVsZHT5chFhaoZH6SMALX6J9IIIPSW3NRsap/mUQQ5GVG9IHIBfpAsIJr8CILOVcqAWQbG5XTn9Sk1p76abg3tyR01rhSTG2CljLmkNAPqOSrE5uUEXRq1T+eGhS1EVHFWmQ5lF8ZAyoyEHewIDAQAB" ; ----- DKIM default for yourdomainname.com
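
A check for the record before it is published, as an added example that is not part of the original post: it parses the zone-file TXT record, flags the nameless ";=rsa;" tag described above, and reports the RSA key size. The sample key is constructed (valid DER framing around a made-up modulus), and the 2048-bit default for min_bits is an assumption that follows the RFC 8301 recommendation.

```python
import base64
import re

def parse_tags(zone_text):
    """Join the record's quoted strings, then split the tag=value list."""
    value = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags, problems = {}, []
    for item in filter(None, (part.strip() for part in value.split(";"))):
        name, sep, val = item.partition("=")
        if not sep or not name.strip():
            problems.append("malformed tag: %r" % item)  # e.g. '=rsa'
        else:
            tags[name.strip()] = val.strip()
    return tags, problems

def der_span(buf, pos):
    """Return (content_start, content_end) of the DER element at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(spki):
    """Modulus size of a DER SubjectPublicKeyInfo that holds an RSA key."""
    seq, _ = der_span(spki, 0)           # outer SEQUENCE
    _, alg_end = der_span(spki, seq)     # AlgorithmIdentifier
    bitstr, _ = der_span(spki, alg_end)  # BIT STRING
    key, _ = der_span(spki, bitstr + 1)  # skip unused-bits byte: RSAPublicKey
    start, end = der_span(spki, key)     # INTEGER modulus
    return int.from_bytes(spki[start:end], "big").bit_length()

def lint_dkim_record(zone_text, min_bits=2048):  # min_bits default is an assumption
    tags, problems = parse_tags(zone_text)
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    try:
        spki = base64.b64decode(re.sub(r"\s+", "", tags["p"]), validate=True)
        bits = rsa_bits(spki) if tags.get("k", "rsa") == "rsa" else min_bits
        if bits < min_bits:
            problems.append("RSA key is %d bits, below %d" % (bits, min_bits))
    except (KeyError, ValueError, IndexError):
        problems.append("p= missing or not a base64 RSA public key")
    return problems

# Constructed sample: well-formed 1024-bit SPKI framing around a made-up modulus.
SAMPLE_P = base64.b64encode(bytes.fromhex(
    "30819f300d06092a864886f70d010101050003818d0030818902818100" + "c9" * 128 + "0203010001")).decode()
AS_GENERATED = 'default._domainkey IN TXT "v=DKIM1;=rsa; p=%s"' % SAMPLE_P
CORRECTED = 'default._domainkey IN TXT "v=DKIM1;k=rsa; p=%s"' % SAMPLE_P
```

Run lint_dkim_record() on the contents of default.txt; an empty list means the record parsed cleanly and the key meets min_bits.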


Important: Don’t forget to set an SPF record, which may boost email delivery.

Send out a test email and verify.
# echo " This is a test mail " | mail -s "OpenDKIM test mail" mygmail@gmail.com

If everything goes well you will see the message “DKIM-Signature header added” in the mail log.
# tail -f /var/log/maillog

Sep 20 09:47:33 server opendkim[8535]: 33040108639: DKIM-Signature header added (s=default, d=yourdomainname.com)
Sep 20 09:47:33 server postfix/qmgr[2390]: 33040108639: from=, size=3016, nrcpt=1 (queue active)
Sep 20 09:47:33 server sendmail[8671]: q8KDlXa9008671: to=mygmail@gmail.com, ctladdr=user@yourdomainname.com (503/503), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32554, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 33040108639)
Sep 20 09:47:33 server postfix/smtpd[8636]: disconnect from GF-P-server.yourserver.com[127.0.0.1]
Sep 20 09:47:34 server postfix/smtp[8642]: 33040108639: to=, relay=mailin-04.mx.aol.com[205.188.146.194]:25, delay=1.3, delays=0.1/0/0.24/0.95, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 05217380000B9)
Sep 20 09:47:34 server postfix/qmgr[2390]: 33040108639: remove
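
With milter_default_action = accept as configured above, Postfix keeps delivering mail, unsigned, whenever the OpenDKIM milter is unreachable, so the log is worth checking for sent messages that never got a signing line. The following Python is an added example, not part of the original post; the log lines are constructed in the format shown above, and it assumes Postfix's default short hexadecimal queue IDs.

```python
import re

LINE = re.compile(r"\s(?P<prog>[\w/.-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<msg>.*)")
SIGNED = re.compile(r"DKIM-Signature header added \(s=(?P<s>[^,]+), d=(?P<d>[^)]+)\)")

def unsigned_deliveries(log_lines, domain=None):
    """Map queue ID -> relay for mail postfix/smtp sent without a signing line.

    If domain is given, only signatures with d=<domain> count as signed.
    """
    signed, sent = set(), {}
    for line in log_lines:
        m = LINE.search(line)
        if not m:
            continue
        sig = SIGNED.search(m["msg"]) if m["prog"] == "opendkim" else None
        if sig and domain in (None, sig["d"]):
            signed.add(m["qid"])
        elif m["prog"] == "postfix/smtp" and "status=sent" in m["msg"]:
            relay = re.search(r"relay=([^,\s]+)", m["msg"])
            sent.setdefault(m["qid"], relay.group(1) if relay else "?")
    # Order of lines does not matter: compare the two sets at the end.
    return {qid: relay for qid, relay in sent.items() if qid not in signed}

# Constructed sample in the maillog format shown above (addresses are made up).
SAMPLE_LOG = """\
Sep 20 09:47:33 server opendkim[8535]: 33040108639: DKIM-Signature header added (s=default, d=yourdomainname.com)
Sep 20 09:47:34 server postfix/smtp[8642]: 33040108639: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Sep 20 09:52:10 server postfix/smtp[8650]: 7A1B2108640: to=<b@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Sep 20 09:53:02 server postfix/smtp[8651]: 9C3D4108641: to=<c@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect timed out)
""".splitlines()

if __name__ == "__main__":
    for qid, relay in unsigned_deliveries(SAMPLE_LOG, "yourdomainname.com").items():
        print("sent unsigned:", qid, "via", relay)
```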


Check the email header for confirmation: you should see dkim=pass


Hope this helps :)

Saturday, October 13, 2012

Quick Setup KVM aka Kernel-based Virtual Machine

Well, I thought this was something difficult, but trust me, it's not a brain twister to set up virtual machines using KVM.

Note: This tutorial assumes you understand the basics of Linux and are aware of the commands' usage.

OK, here is how I set it up.

1. Install CentOS 6 (minimal installation)
2. Turn off SELinux

# vi /etc/selinux/config

Make the following change.

SELINUX=disabled

Now reboot your machine to have this applied.

3. Update the system using yum

4. Install packages for Virtualization to work.

# yum install -y openssh-server openssh-client qemu-kvm  libvirt bridge-utils virt-manager.x86_64  virt-top.x86_64 screen

5. Let's set up the network now. For KVM to work, we need to set up a bridged network. The configuration is as follows.


[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT=yes
HWADDR=00:01:6C:53:82:72
BRIDGE="br0"
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
NM_CONTROLLED="no"
ONBOOT=yes
HWADDR=00:01:6C:53:82:72
TYPE=Bridge
IPADDR=192.168.1.10
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8


6. Save the settings and open a screen session to restart the network.

# screen -S network
# /etc/init.d/network restart

7. Now you should see the bridge network up and running.

8. Start libvirtd

# /etc/init.d/libvirtd start

Oops, it did not start for me :D Here's what was missing:

#  yum -y install avahi

Now libvirtd will start.

9. Copy an ISO to your home directory so that we can use it for creating virtual machines; we will be using CentOS here.

10. Create your VMs now

# virt-install --name=server_name --ram=512 --arch=x86_64 --vcpus=2 --location=/home/packages/CentOS-6.0-x86_64-bin-DVD1.iso  --os-type=linux --os-variant=rhel6 --file /home/images/server.img  --nonsparse --nographics -s15 --extra-args='console=tty0 console=ttyS0,115200n8' --prompt

11. Use the man pages for exact options.

Hope this helps :)






Friday, February 17, 2012

Unable to install applications using GEM

I faced an issue today: I was trying to install a package using the gem command but ended up with the following error.


Building native extensions.  This could take a while...
ERROR:  Error installing cassandra:
        ERROR: Failed to build gem native extension.
/usr/bin/ruby extconf.rb
mkmf.rb can't find header files for ruby at /usr/lib/ruby/ruby.h

So, in order to fix this, you need to install the ruby-devel package.

You can use yum or rpm, whichever you are comfortable with.