Hi.
I'm usually helping people at WHT, but thought I would share this here as well.
I'm honestly not sure if this is old news by now, but I've been reading up here, especially This DKIM thread.
I've put together a workaround process to support DKIM signatures. It has worked in QA, and I just moved it to the production nodes today. I am running 11.28.52-RELEASE_50725.
Involves a bit of manual zone tweaking, a few unexpected tricks in cPanel "Email Authentication" and some tedious time spent in exim.conf, exim.conf.localopts and verifying your MAILHELO and /etc/mail_reverse_dns. The only downside is that you have to give up DomainKeys Signatures if you want support for DKIM.
Some adjustments to /etc/exim.conf:
I haven't had the time to go through ALL of the threads, so there may be a better workaround for this, I'm not sure. BUT, I'm now running this on three production environments, and Yahoo and the other freebies don't seem to be treating my clients' emails as SPAM anymore.
If this is of interest to anyone who would like to try it, just kick me an email. If this is of interest to enough people I will post a step-by-step. I am not employed by cPanel, I accept no responsibility for the outcome, yadda-yadda-yadda, so back up all your files before changing anything.
And, if this or something similar has been done already, great at least I was able to do it without any documentation or outside help.
I'm usually helping people at WHT, but thought I would share this here as well.
I'm honestly not sure if this is old news by now, but I've been reading up here, especially This DKIM thread.
I've put together a workaround process to support DKIM signatures. It has worked in QA, and I just moved it to the production nodes today. I am running 11.28.52-RELEASE_50725.
Involves a bit of manual zone tweaking, a few unexpected tricks in cPanel "Email Authentication" and some tedious time spent in exim.conf, exim.conf.localopts and verifying your MAILHELO and /etc/mail_reverse_dns. The only downside is that you have to give up DomainKeys Signatures if you want support for DKIM.
Code:
2010-12-24 16:14:43 H=localhost.localdomain (webmail.nwtechgroup.com) [127.0.0.1] Warning: Sender rate 23.0 / 1h
2010-12-24 16:14:44 1PWHmV-0001L9-UI <= [email][email protected][/email] H=localhost.localdomain (webmail.nwtechgroup.com) [127.0.0.1] P=esmtpa A=dovecot_login:[email protected] S=1206 id=b1eacef86e96334e4c505a8d303a6d5c.squirrel@webmail.nwtechgroup.com
[b]2010-12-24 16:14:44 1PWHmV-0001L9-UI Message signed with DKIM: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=nwtechgroup.com; s=default; h=Message-ID: Date: Subject:From:To: [/b]
Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=; b=NNpIAwZgPcYrL
oyV6cWD4UBZuFpjVg+rekMFxUJwx7e/5XfReZ2ah1OrghDJdUJ/ECyjuKrgFbz7v
OfKWy/JPZabVfTpKcFg6YBIcT/tHVwGxKkM82VYo21R+Yzb23LPRKuwGeLyA3DEs
VxTC0nZqUFCMlmH2xnqEYN5pyy6dFI=
2010-12-24 16:14:44 1PWHmV-0001L9-UI => [email][email protected][/email] R=lookuphost T=remote_smtp H=www.brandonchecketts.com [207.210.219.125]
2010-12-24 16:14:44 1PWHmV-0001L9-UI Completed
Code:
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: [email protected])
ID(s) verified: header.d=nwtechgroup.com
Canonicalized Headers:
message-id:<3c9895b21ab83028e7ecb77bb86af47a.squirrel@webmail.nwtechgroup.com>'0D''0A'
date:Fri,'20'24'20'Dec'20'2010'20'16:13:05'20'-0800'0D''0A'
subject:'0D''0A'
from:"N.W.'20'Technology'20'Group"'20'<[email protected]>'0D''0A'
to:[email protected]'0D''0A'
reply-to:[email protected]'0D''0A'
mime-version:1.0'0D''0A'
content-type:text/plain;charset=iso-8859-1'0D''0A'
content-transfer-encoding:8bit'0D''0A'
[b] dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=nwtechgroup.com;'20's=default;'20'h=Message-ID:Date:Subject:From:To:'20'Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=;'20'b=[/b]
Code:
remote_smtp:
driver = smtp
dkim_selector = default
dkim_canon = relaxed
dkim_private_key = /usr/local/cpanel/etc/exim/dkim.key
dkim_domain = nwtechgroup.com
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}If this is of interest to anyone who would like to try it, just kick me an email. If this is of interest to enough people I will post a step-by-step. I am not employed by cPanel, I accept no responsibility for the outcome, yadda-yadda-yadda, so back up all your files before changing anything.
And, if this or something similar has been done already, great at least I was able to do it without any documentation or outside help.
