Selor DKIM - Basic Documentation
Installation
ATTENTION: This program needs resources that are available only in Selor 1.3 and later.
Selor_DKIM is an external tool that generates DKIM signatures for emails passing through your Selor MTA. Many email servers check these signatures to verify that a message's source and content are authentic.
If your email has a valid DKIM signature, it will receive a good score on a large share of the world's email servers.
A quick explanation (IMPORTANT):
In a DKIM signature, we have a selector domain that is used on the recipient side to know where to look for the public key.
The message is signed with the private key, but it is with the public key that the remote MTA checks the authenticity of the message.
In this example I will use the mtaselor.com.br domain with the 's19801007' selector. You can use any selector you want. My DNS must have a TXT entry like this:
s19801007._domainkey.mtaselor.com.br
Example: If your domain is 'mydomaintest123456.net' and you have chosen the selector 'testselor2015', your DNS entry must be: testselor2015._domainkey.mydomaintest123456.net
The entry s19801007._domainkey.mtaselor.com.br really exists in the mtaselor.com.br domain. You can check its public key with this command:
host -t txt s19801007._domainkey.mtaselor.com.br
You can have many domains on your server and use only one main domain to sign the messages of all domains. I will use this case here, but selor_dkim can also look up a different signing key for each domain based on your MySQL database.
I will not show the DNS (named) part, because this tutorial would become too large.
Now, on to the installation.
Download this tool from the website here.
Put the file inside the 'uteis' directory of your Selor directory and unpack it. (Note: You can change the name of this directory if you want: 'utils', 'tools', etc.)
cp selor_dkim_1.0.tar.bz2 /usr/local/selor/uteis
cd /usr/local/selor/uteis
tar xjf selor_dkim_1.0.tar.bz2
Compile the module according to your system:
--> Linux 32 Bits
gcc selor_dkim.c -o selor_dkim -lssl -lmysqlclient -lcrypto
--> Linux 64 Bits
gcc selor_dkim.c -o selor_dkim -DA64 -lssl -lmysqlclient -lcrypto
--> FreeBSD 32 Bits
gcc selor_dkim.c -o selor_dkim -L/usr/local/lib/mysql -DFreeBSD -lssl -lmysqlclient -Wall
--> FreeBSD 64 Bits
gcc selor_dkim.c -o selor_dkim -L/usr/local/lib/mysql -DFreeBSD -DA64 -lssl -lmysqlclient -Wall
chmod 555 /usr/local/selor/uteis/selor_dkim
Now we need to generate the private and public keys. The private key must be kept 'hidden' on your server; selor_dkim uses it to generate the signatures that are placed inside the emails.
mkdir /usr/local/selor/uteis/dkim_keys/
cd /usr/local/selor/uteis/dkim_keys
openssl genrsa -out dkim_private.key 1024
openssl rsa -pubout -in dkim_private.key -out dkim_public.key
Take the content of your public key (dkim_public.key) and put it in your domain.
cat /usr/local/selor/uteis/dkim_keys/dkim_public.key
In my case, the content is:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ1qvWQGZ6+Xs12ZKBVv/T+ITS
tNmT3qd5FIJS+HqSt62PKHT3SvHy6KIAAmnoK4EF3sxJ7qVUeXXnRF6kJ9QbP60J
7QgXxQ/kxtgn1ZZjYKXgAIXrpVsJd5iOnymIynAsw74HAsyShhxnz4qYyN2PIH85
cpTn0pv6TyLsT2Nf5QIDAQAB
-----END PUBLIC KEY-----
Copy the key (without the lines '-----BEGIN PUBLIC KEY-----' and '-----END PUBLIC KEY-----') with a CTRL+C, paste it into a text editor and join it into a single line.
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ1qvWQGZ6+Xs12ZKBVv/T+ITStNmT3qd5FIJS+HqSt62PKHT3SvHy6KIAAmnoK4EF3sxJ7qVUeXXnRF6kJ9QbP60J7QgXxQ/kxtgn1ZZjYKXgAIXrpVsJd5iOnymIynAsw74HAsyShhxnz4qYyN2PIH85cpTn0pv6TyLsT2Nf5QIDAQAB
Make the TXT entry in your DNS, in my case s19801007._domainkey.mtaselor.com.br, with this content:
Syntax: v=DKIM1; k=rsa; p=[THE PUBLIC KEY]
Example: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ1qvWQGZ6+Xs12ZKBVv/T+ITStNmT3qd5FIJS+HqSt62PKHT3SvHy6KIAAmnoK4EF3sxJ7qVUeXXnRF6kJ9QbP60J7QgXxQ/kxtgn1ZZjYKXgAIXrpVsJd5iOnymIynAsw74HAsyShhxnz4qYyN2PIH85cpTn0pv6TyLsT2Nf5QIDAQAB"
Note: Remember, you must use the content of your own public key, and this entry is a single line.
Put the content in your domain's DNS and restart it.
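The following Python example is added here and is not part of selor_dkim: it joins the PEM public key shown above into the one-line TXT value and checks the record before it goes into DNS, including the RSA key size. The function names are illustrative, and the 2048-bit threshold comes from RFC 8301, not from this page.

```python
import base64

# The page's own example public key (1024-bit RSA), as written by openssl.
PEM = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ1qvWQGZ6+Xs12ZKBVv/T+ITS
tNmT3qd5FIJS+HqSt62PKHT3SvHy6KIAAmnoK4EF3sxJ7qVUeXXnRF6kJ9QbP60J
7QgXxQ/kxtgn1ZZjYKXgAIXrpVsJd5iOnymIynAsw74HAsyShhxnz4qYyN2PIH85
cpTn0pv6TyLsT2Nf5QIDAQAB
-----END PUBLIC KEY-----"""

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(p_b64):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA key."""
    der = base64.b64decode(p_b64, validate=True)
    _, spki, _ = read_tlv(der, 0)          # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)          # AlgorithmIdentifier, skipped
    tag, bits, _ = read_tlv(spki, pos)     # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_key, _ = read_tlv(bits, 1)      # byte 0 is the unused-bits count
    _, modulus, _ = read_tlv(rsa_key, 0)   # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def pem_to_txt(pem):
    """Join the PEM body into the one-line TXT value the page describes."""
    body = [l for l in map(str.strip, pem.splitlines()) if l and not l.startswith("-----")]
    return "v=DKIM1; k=rsa; p=" + "".join(body)

def check_txt(txt):
    """Return a list of problems found in a DKIM key record value."""
    parts = (t.partition("=") for t in txt.strip('"').split(";") if t.strip())
    tags = {k.strip(): v.strip() for k, _, v in parts}
    problems = [] if tags.get("v") == "DKIM1" else ["v= must be DKIM1"]
    try:
        bits = rsa_bits("".join(tags.get("p", "").split()))
    except (ValueError, IndexError):
        return problems + ["p= is not a usable base64 RSA public key"]
    if bits < 2048:
        problems.append(f"{bits}-bit RSA key; RFC 8301 recommends 2048 or more")
    return problems
```

Calling `check_txt(pem_to_txt(PEM))` on the page's key returns only the key-size finding, because `openssl genrsa ... 1024` produces a 1024-bit key; a key pasted with a missing piece is reported as unusable instead.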
Now, in the file specified by Event.data, you need to call selor_dkim:
pico /usr/local/selor/rules_data
Put this content in your rules file (two rules). (Note: I will use the 'mtaselor.com.br' domain as an example. Change it to your domain.)
Auth? Internal_from? Exec! "/usr/local/selor/uteis/selor_dkim --gen %L/c%d -h 'From:To:Date:Subject' -s s19801007 -d 'mtaselor.com.br' --pkey /usr/local/selor/uteis/dkim_keys/dkim_private.key"
Auth? Internal_from? Itest? "%t=0" Hadd! "%E"
Explanation:
The first rule runs selor_dkim, which analyzes the email in the queue and 'prints' the generated signature to stdout, ready to be placed in the email header. The second rule executes the 'Hadd!' action, which adds this printed text to the email header when the message is sent to an external host. In old versions of MTA Selor (before 1.3), the Hadd action has no effect in Event.data. This feature was added in Selor 1.3.
It is done. All AUTHENTICATED messages sent by your customers will be signed with a DKIM key.