Setting up DomainKeys on Centos
This is a quick walk-through of setting up DomainKeys on CentOS 5 with sendmail. The steps should be very similar on Red Hat or Fedora.
DomainKeys is a signing scheme, used mostly by Yahoo, that lets a receiving server check that a message really was sent by the domain it claims: the sender signs each outgoing message with a private key and publishes the matching public key in DNS. I did notice that Gmail changes the DomainKeys header line to a pass value, but I don't know if they block/accept mail based on that.
First install some dependencies.
yum install sendmail-devel openssl-devel
Next, download the latest version of dk-milter from http://sourceforge.net/projects/dk-milter/
cd /usr/src/
wget http://downloads.sourceforge.net/dk-milter/dk-milter-1.0.0.tar.gz
Then extract it and change into the source directory:
tar xzf dk-milter-1.0.0.tar.gz
cd dk-milter-1.0.0
Start by copying the sample config file to the proper directory, then build and install:
cp site.config.m4.dist devtools/Site/site.config.m4
make; make install
You may see a few errors during the install; as long as they are only about creating the man pages you should be alright. Now change to a working directory and generate the signing key pair. Note that a 768-bit RSA key is far too short by today's standards (RSA-768 was publicly factored in 2009); if you follow this guide now, use at least 1024 bits, the smallest size current validators accept.
mkdir -p ~/ssl-gen && cd ~/ssl-gen
openssl genrsa -out rsa.private 768
openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
Make the key directory and copy the private key into it.
mkdir -p /var/db/domainkeys/
cp rsa.private /var/db/domainkeys/mail.key.pem
Now publish the public key in DNS as TXT records. This is how they look in a BIND zone file. Paste only the base64 body of rsa.public, joined into a single line: leave out the "-----BEGIN PUBLIC KEY-----" and "-----END PUBLIC KEY-----" lines, and do not include the parentheses shown below. The t=y flag marks the records as being in test mode; o=~ tells receivers that not all mail from the domain is signed.
mail._domainkey.jkurtzman.com. IN TXT "k=rsa; t=y; p=(Paste the public key here)"
_domainkey.jkurtzman.com. IN TXT "t=y; o=~"
Once the zone has been reloaded, you can use the following command to verify that your TXT record was published correctly.
dig +short mail._domainkey.jkurtzman.com TXT
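Building the zone-file line by hand is where most DomainKeys setups go wrong (a stray header line, a line break inside the base64, or a p= value that does not decode). The POSIX shell helpers below are an added example, not part of the original post or of dk-milter: pem_to_dk_txt turns the rsa.public file into the record line for a given selector and domain, and dk_txt_check takes the text that dig +short prints (dig splits TXT strings longer than 255 bytes into several quoted chunks, which the check joins back together) and confirms that p= is present and base64-decodes to DER data starting with a SEQUENCE byte, as a real SubjectPublicKeyInfo must. The selector, domain and file path in the usage comments are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post or the dk-milter project):
# build and sanity-check the DomainKeys selector record.

# Print the one-line p= value for a PEM public key (openssl rsa -pubout output):
# drop the BEGIN/END lines and join the base64 body into one line.
pem_to_p() {
    grep -v -- '-----' "$1" | tr -d '\n\r '
}

# Print the BIND zone-file line for selector $1 and domain $2 from PEM file $3.
# t=y keeps the record in test mode, matching the records in the post.
pem_to_dk_txt() {
    printf '%s._domainkey.%s. IN TXT "k=rsa; t=y; p=%s"\n' "$1" "$2" "$(pem_to_p "$3")"
}

# Check a TXT value as printed by `dig +short <name> TXT`.
# dig prints long strings as "chunk" "chunk", so join the chunks first, then
# extract the p= tag and make sure it decodes to DER starting with 0x30 (SEQUENCE).
# Returns 0 when the record looks usable, 1 otherwise.
dk_txt_check() {
    p=$(printf '%s' "$1" | sed 's/" "//g; s/^"//; s/"$//' | tr ';' '\n' | sed -n 's/^ *p=//p' | tr -d ' ')
    [ -n "$p" ] || return 1
    first=$(printf '%s' "$p" | base64 -d 2>/dev/null | od -An -tx1 -N1 | tr -d ' ')
    [ "$first" = "30" ]
}

# Usage (placeholder names):
#   pem_to_dk_txt mail jkurtzman.com ~/ssl-gen/rsa.public >> /var/named/jkurtzman.com.zone
#   dk_txt_check "$(dig +short mail._domainkey.jkurtzman.com TXT)" && echo "selector record OK"
```

If dk_txt_check fails right after you edit the zone, the usual causes are a zone that has not been reloaded yet, a missing serial bump, or a p= value that was pasted with a line break in the middle.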
Now we need an init script so that the filter starts when the machine reboots. Put the following into a file called /etc/init.d/domainkeys. Be sure to change the domain to your own domain, and watch for any lines that wrapped when copying, especially the COMMAND line.
#!/bin/sh
#
# "/etc/rc.d/init.d/dk-filter"
# Start/stop script for the dk-filter daemon on RedHat Linux
#
# chkconfig: - 79 31
# description: Acts as the "dk-filter" InputMailFilter (milter) for the \
#              Sendmail MTA to provide DomainKeys service
############################################################
#
# Be sure to edit these values:
#
KEYFILE="/var/db/domainkeys/mail.key.pem"
DOMAIN="jkurtzman.com"
SELECTOR="mail"
USER="domainkeys"
#
############################################################
PIDFILE="/var/run/dk-milter/pid"
SUBMISSION_DAEMON="smtp"
PORT=8891

# Source function library. Provides the "status" option
. /etc/init.d/functions

# Nothing to do if dk-filter is not installed
which dk-filter >/dev/null 2>&1 || exit 0

RETVAL=0

start() {
    echo -n $"Starting dk-filter: "
    # The pid file is written by the daemon running as $USER, so the directory must exist
    mkdir -p "`dirname $PIDFILE`" && chown "$USER" "`dirname $PIDFILE`"
    # -b s: sign only; -p: listen on a local TCP socket for sendmail; -l: log to syslog;
    # -c nofws: "no folding whitespace" canonicalization
    COMMAND="dk-filter -u $USER -b s -p inet:$PORT@localhost -l -P $PIDFILE -s $KEYFILE -d $DOMAIN -S $SELECTOR -m $SUBMISSION_DAEMON -c nofws"
    # echo -e "Now executing\n"$COMMAND""
    daemon $COMMAND
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dk-filter
    return $RETVAL
}

stop() {
    echo -n $"Stopping dk-filter: "
    killproc dk-filter
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $PIDFILE /var/lock/subsys/dk-filter
    return $RETVAL
}

restart() {
    stop
    start
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status dk-filter
        ;;
    restart)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 1
esac

exit $?
Give your new file execute permissions, create the unprivileged user that dk-filter will run as, and start it. Make sure the private key in /var/db/domainkeys is readable by that user and by nobody else; the filter drops root privileges with -u before it signs anything.
chmod +x /etc/init.d/domainkeys
useradd domainkeys
service domainkeys start
If everything works you should see that dk-filter has started.
Now run chkconfig so the service starts when you reboot.
chkconfig domainkeys on
Now add this to your /etc/mail/sendmail.mc file.
INPUT_MAIL_FILTER(`dk-filter', `S=inet:8891@localhost')
Then rebuild sendmail.cf and restart sendmail.
cd /etc/mail
make
service sendmail restart
You should now be able to send email that carries a DomainKey-Signature header. If you are relaying mail through the server from other machines, you must use SMTP authentication, otherwise dk-filter will not sign the message and no header is added.
Try sending an email to a Yahoo account and see if you get the secure icon.
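Before sending to a third-party mailbox, you can confirm locally that signing happened by looking at the DomainKey-Signature header on a message that went through the filter (for example a copy sent to a local user, or a message captured from the mail queue). The helpers below are an added example and not part of the original post or of dk-milter: dk_sig_tag unfolds the possibly wrapped DomainKey-Signature header and extracts one tag, and dk_sig_check confirms the message was signed with the expected selector and domain, using rsa-sha1 and a non-empty b= value. The sample message written by write_sample_msg is constructed, with a made-up b= value, purely so the check has something to run on.

```shell
#!/bin/sh
# Added example (not from the original post or the dk-milter project):
# check the DomainKey-Signature header that dk-filter adds to outgoing mail.

# Print the value of tag $2 (a, c, d, s, b, ...) from the DomainKey-Signature
# header of message file $1. Continuation lines (leading space or tab) are
# joined back onto the header; reading stops at the blank line ending the headers.
dk_sig_tag() {
    awk '
        /^$/ { exit }
        /^[ \t]/ { if (insig) sig = sig $0; next }
        tolower($0) ~ /^domainkey-signature:/ { insig = 1; sig = substr($0, 21); next }
        { insig = 0 }
        END { print sig }
    ' "$1" | tr -d ' \t' | tr ';' '\n' | sed -n "s/^$2=//p"
}

# Return 0 when message $1 carries a signature for selector $2 and domain $3
# that uses rsa-sha1 (the only algorithm DomainKeys defines) and has a b= value.
dk_sig_check() {
    [ "$(dk_sig_tag "$1" s)" = "$2" ] &&
    [ "$(dk_sig_tag "$1" d)" = "$3" ] &&
    [ "$(dk_sig_tag "$1" a)" = "rsa-sha1" ] &&
    [ -n "$(dk_sig_tag "$1" b)" ]
}

# Write a constructed message to file $1. The b= value is NOT a real signature;
# the header layout mirrors what dk-filter -c nofws -s mail -d jkurtzman.com produces.
write_sample_msg() {
    cat > "$1" <<'EOF'
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=mail; d=jkurtzman.com;
  h=Received:From:To:Subject:Date;
  b=CONSTRUCTEDVALUEnotARealSignature+0123456789/abcdef==
Received: from localhost (localhost [127.0.0.1])
From: Denie <denie@jkurtzman.com>
To: someone@example.com
Subject: DomainKeys test
Date: Tue, 09 Mar 2010 12:00:00 +0000

test body
EOF
}

# Usage on the constructed sample; point dk_sig_check at a real captured message instead.
f=$(mktemp)
write_sample_msg "$f"
dk_sig_check "$f" mail jkurtzman.com && echo "signed by selector mail for jkurtzman.com"
rm -f "$f"
```

A missing header usually means the message did not arrive through an authenticated session or through the daemon named by the -m option in the init script, so the filter decided it was not local mail and left it unsigned.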
Source:
http://luxio.us/cMZ11e
Posted on March 9th, 2010 by Denie
Filed under: BASH, CentOS, Linux, Sendmail, Tutorials