Tag Archives: exim

How to enable DKIM in cPanel server.

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. Signing outgoing mail with DKIM can help prevent it from being blacklisted by free email providers such as Yahoo, MSN and Google, and it can increase the authenticity of your mail.

cPanel does not have an interface for enabling DKIM like the ones it has for SPF and DomainKeys; cPanel is still working on implementing it. However, we can enable it manually by following the steps below.

Check whether exim is compiled with DKIM support enabled.

[bash]root@server # /usr/sbin/exim -dd 2>&1 | grep Experimental_DKIM[/bash]

If DKIM support is present, the output lists Experimental_DKIM:

[bash]Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning Old_Demime Experimental_SPF Experimental_SRS Experimental_DomainKeys Experimental_DKIM[/bash]

Generate the RSA key pair with OpenSSL:
[bash]cd /usr/local/cpanel/etc/exim[/bash]

[bash]openssl genrsa -out dkim.key 1024[/bash]



[bash]openssl rsa -in dkim.key -out dkim.public -pubout -outform PEM[/bash]


You will now have two files: dkim.key (the private key) and dkim.public (the public key).

Open dkim.public and copy its contents, excluding the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines. This is your DKIM key. Now open the exim configuration file and add the entries below under the 'remote_smtp' section.

Sample file: vi /etc/exim.conf

——————————-

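[bash]remote_smtp:
driver = smtp
# DKIM signing options. Exim only treats # as a comment at the start of a line,
# so a note must not trail an option value on the same line.
dkim_domain=your_domain_name.com
# The selector must match the label in front of ._domainkey in the DNS record.
dkim_selector=mail
# Path to the dkim.key private key.
dkim_private_key=/usr/local/cpanel/etc/exim/dkim.key
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}[/bash]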

————————–

Now, in WHM, open the DNS editor for the domain and add a TXT entry containing the DKIM key, like the one below.

————————–

[bash]mail._domainkey.domain_name.com. IN TXT "v=DKIM1; g=*; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDv4PSEM9PcxlI2tRojAUQ9hpRQ0Zj/XM4SK08/Drhm/CaspJAKZF9rZDAw18TrfuXeRgsMWAdS2vJ4Oa/kXqX0NM2eBJcmasu4GeNXANmXvC1umz+8mC6rEPlE/Ucau4tmAHOZL0HJ9IDd/PIxoTkeTm3mjGeqvKBLbdvVIDXbcQIDAQAB"[/bash]

————————–

Here, the value of p= is the key you copied from dkim.public.

Restart the exim and named services.

[bash]/scripts/restartsrv exim[/bash]

[bash]/scripts/restartsrv named[/bash]

To check whether DKIM is set up properly, send a mail to dkimtest@atmail.org. If it is set up properly, you will get a reply like the one below; otherwise you will get a failure message.

—————————————————-

Subject:    AutoReply from dkimtest@atmail.org

From:    spftest@your_domain_name.com

Date:    Sun, May 23, 2010 1:27 am

To:    spftest@your_domain_name.com

*** DKIM TEST SUCCESSFUL ***

—————————————————–

You can also test from http://www.brandonchecketts.com/emailtest.php
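An offline check of the TXT record from the DNS step, added here as an example and not part of the original post: it reassembles the p= value, parses the public key and grades the modulus size against RFC 8301 (verifiers reject keys under 1024 bits, and signers should use 2048). The function names and status labels are assumptions made for this example.

```python
import base64
import re

# Added example; function names and status labels are illustrative only.
# TXT record from the DNS step, kept as three strings as it wrapped on the page.
PAGE_RECORD = (
    '"v=DKIM1; g=*; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDv4PSEM9P" '
    '"cxlI2tRojAUQ9hpRQ0Zj/XM4SK08/Drhm/CaspJAKZF9rZDAw18TrfuXeRgsMWAdS2vJ4Oa/kXqX0NM2eBJcmasu4GeNXANmXvC1umz+8mC6r" '
    '"EPlE/Ucau4tmAHOZL0HJ9IDd/PIxoTkeTm3mjGeqvKBLbdvVIDXbcQIDAQAB"'
)

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"unexpected DER tag at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob."""
    outer, _ = _tlv(spki, 0, 0x30)         # SubjectPublicKeyInfo
    _, pos = _tlv(outer, 0, 0x30)          # AlgorithmIdentifier (k=rsa checked by caller)
    bits, _ = _tlv(outer, pos, 0x03)       # BIT STRING (byte 0 = unused bits)
    rsa_key, _ = _tlv(bits, 1, 0x30)       # RSAPublicKey
    modulus, _ = _tlv(rsa_key, 0, 0x02)    # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(txt):
    """Parse a DKIM key record and grade the RSA key size per RFC 8301."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt  # join TXT strings
    fields = (item.partition("=") for item in joined.split(";"))
    tags = {k.strip(): v.strip() for k, sep, v in fields if sep}
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        return {"status": "unsupported", "bits": 0}
    p = re.sub(r"\s+", "", tags.get("p", ""))  # whitespace inside p= is ignored
    if not p:  # an empty p= means the key has been revoked
        return {"status": "revoked-or-missing", "bits": 0}
    try:
        bits = rsa_modulus_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError):
        return {"status": "malformed", "bits": 0}
    status = "ok" if bits >= 2048 else "below-recommended" if bits >= 1024 else "too-short"
    return {"status": status, "bits": bits}
```

Calling `check_dkim_record(PAGE_RECORD)` grades the 1024-bit key produced by the `openssl genrsa` step above as below-recommended.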

How to fix the WHM CSF security test errors!

As part of ensuring security, we perform a CSF security scan from WHM. We may get the following error after the scan:

Check csf LF_SCRIPT_ALERT option WARNING This option will notify you when a large amount of email is sent from a particular script on the server, helping track down spam scripts

To fix this error, SSH into the server and edit the CSF configuration file:

[bash]vi /etc/csf/csf.conf[/bash]

Search for LF_SCRIPT_ALERT = "0"

Change the value from "0" to "1" to fix the issue.

Don't forget to restart CSF.

You may also get the following error:

Check exim for extended logging (log_selector) WARNING You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:log_selector = +arguments +subject +received_recipients

FIX:

Edit the exim configuration file:

/etc/exim.conf

Change the value from "log_selector = +all" to the following:

log_selector = +arguments +subject +received_recipients

Save and restart the CSF to get this resolved.