How to enable DomainKeys with latest exim builds?

[norelidd]

According to this: http://bugzilla.cpanel.net/show_bug.cgi?id=4099 , DomainKeys support in exim has been in EDGE builds since around 4/10/2007.

The question is, how do we enable, configure, and use this on our servers? Many people are having the problem of mail to DomainKeys-enabled servers being sent directly to the spambox. Such is the case on Yahoo at least, and surely other mailhosts are being more aggressive soon.

A test email from my EDGE 11.3 cpanel server to an account at yahoo mail displays as such at yahoo (after being fished out of the spambox)

<snip>
[b]Authentication-Results: mta361.mail.re4.yahoo.com  from=citronix.net; domainkeys=neutral (no sig)[/b]
<snip>

we see there that there is no domainkeys signature by default. So how do we get this working?

 

[msti]

Did you find any solution to this?

 

[norelidd]

nope, no luck so far. I would love for someone from cpanel to illuminate the path for us

 

[chirpy]

I haven't played with it myself, but the Exim Wiki page for DomainKeys is here:
http://www.exim.org/eximwiki/DomainKeys

Note that page does say that the support for it is "Experimental". You'll have to look around the DomainKeys site to find out how to implement it for outgoing email, incoming is explained clearly enough it seems in the wiki.

 

[MaraBlue]

I haven't played with it myself, but the Exim Wiki page for DomainKeys is here:
http://www.exim.org/eximwiki/DomainKeys

Note that page does say that the support for it is "Experimental". You'll have to look around the DomainKeys site to find out how to implement it for outgoing email, incoming is explained clearly enough it seems in the wiki.

That wiki talks about adding libraries to the Makefile, etc...which shouldn't be necessary if support is built into cPanel. If this is a feature cPanel has incorporated into cPanel/WHM, I think they should document it somewhere

 

[cPanelNick]

That wiki talks about adding libraries to the Makefile, etc...which shouldn't be necessary if support is built into cPanel. If this is a feature cPanel has incorporated into cPanel/WHM, I think they should document it somewhere

There are still memory leaks in the domain keys code because of openssl bugs.

We should be able to start using it once more people have ditched rh9.

 

[MaraBlue]

There are still memory leaks in the domain keys code because of openssl bugs.

We should be able to start using it once more people have ditched rh9.

Well BLAST those RH9 peeps!

This is good to know, though I'm not happy to hear about OpenSSL bugs (I had no idea). Just yesterday I was going through my list of installed software and noticed OpenSSL is kind of old, but I also made a note "do not update outside of cPanel", so I don't/didn't.

Is there a plan to move away from OpenSSL to something else, or upgrade it, or?

 

[cPanelNick]

Well BLAST those RH9 peeps!

This is good to know, though I'm not happy to hear about OpenSSL bugs (I had no idea). Just yesterday I was going through my list of installed software and noticed OpenSSL is kind of old, but I also made a note "do not update outside of cPanel", so I don't/didn't.

Is there a plan to move away from OpenSSL to something else, or upgrade it, or?

The memory leaks are only in the older versions. (ie rh9 land)

 

[MaraBlue]

The memory leaks are only in the older versions. (ie rh9 land)

So 0.9.7a is cool?

 

[jdlightsey]

The two OpenSSL memory cleanup functions that were a problem are EVP_MD_CTX_cleanup() and CRYPTO_cleanup_all_ex_data() introduced in the first release of OpenSSL 0.9.7. The domainkeys library assumes they're available and uses them.

On older distros with OpenSSL 0.9.6, domainkeys will leak a tiny amount of memory where those functions would have been called. If your distro shipped with any version of 0.9.7, it shouldn't be an issue.

 

[MaraBlue]

The two OpenSSL memory cleanup functions that were a problem are EVP_MD_CTX_cleanup() and CRYPTO_cleanup_all_ex_data() introduced in the first release of OpenSSL 0.9.7. The domainkeys library assumes they're available and uses them.

On older distros with OpenSSL 0.9.6, domainkeys will leak a tiny amount of memory where those functions would have been called. If your distro shipped with any version of 0.9.7, it shouldn't be an issue.

Awesome, thanks for the reply.

 

[norelidd]

Ok, so for those of use who are not affected by these bugs... how do we enable/setup domainkeys?

 

[JBenedetti]

I've been having serious problems with Yahoo greylisting my server and am another who is eager to enable DK. So, for those of us with OpenSSL/0.9.7a is the procedure simply that shown at http://www.exim.org/eximwiki/DomainKeys ? Or is there going to be something rolled into WHM 11 once the second stage of their update rolls out this month? I'm running a CURRENT release at the moment, which has phase 1 of the WHM 11 upgrade running.

 

[cPanelNick]

We have no plans to enable domain keys until after cPanel 11 has been rolled out.

 

[katmai]

cp11 has been rolled out. is there any update for this?
thanks in advance.

 

[MaraBlue]

cp11 has been rolled out. is there any update for this?
thanks in advance.

Barely. Give the guys some time...like 1-2 months. I would expect they have more pressing matters to deal with right now.

 

[sparek-3]

I really thought cPanel's version of exim had DomainKeys support compiled in, but when I tried it, it didn't seem to work. Though, it should be noted that I am no where near a DomainKeys expert so I may not have done something right. I also didn't really put a lot of investigation into why it didn't work.

All that being said, there is this post:

http://forums.cpanel.net/showthread.php?t=67546

Where nick states that DomainKeys support likely won't be out this year.

 

[chirpy]

cPanel have now put experimental beta support into the EDGE builds for domainkeys. I would imagine it will be a while before it's officially incorporated.