December 18, 2009

domainkeys

1. mkdir -p /var/cpanel/domain_keys/private; mkdir -p /var/cpanel/domain_keys/public
2. cd /var/cpanel/domain_keys/
3. openssl genrsa -out private/[domain_name] 768
4. openssl rsa -in private/[domain_name] -out public/[domain_name] -pubout -outform PEM
5. grep dk_selector /etc/exim.conf
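6. Now open up the zone file and add the following records (p= is the base64 body of public/[domain_name], without the BEGIN/END lines and joined onto one line):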
_domainkey.[domain_name]. IN TXT "t=y; o=-"
[value of dk_selector]._domainkey.[domain_name]. IN TXT "k=rsa; t=y; p=[cat public/[domain_name]]"

7. Restart exim and named services


domainkeys.txt

$ openssl genrsa -out rsa.private 768
$ openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
k=rsa; t=y; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALtE8jD4rOXWzjx9gEtMRajyBNHm5ZD2NRqSrFKZ/bWNhSbpW8Kr+5SuwixxVeIAuP7d3ZknxK4ZF0WLVDHQpMa+lZpGThSaJn1zAilmetM5h4LBsw0xoxcB8xtnPoHGJwIDAQAB

===================================================================

remote_smtp:
  driver = smtp
  # you will need this selector later when you alter your dns config
  dk_selector = myselector
  dk_private_key = /usr/local/etc/exim/dk/rsa.private
  dk_canon = nofws

===> Restart Exim

_domainkey.yourdomain.com. IN TXT "t=y; o=-"

myselector._domainkey.yourdomain.com. IN TXT "k=rsa; t=y; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6lMIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7EXzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB"



You will have to edit named.conf and add "check-names master ignore;" if you get the following error in your logs:

Aug 28 15:02:33 noc1 named[83277]: pri/com/yourdomain.com:15: myselector._domainkey.yourdomain.com: bad owner name (check-names)
Aug 28 15:02:33 noc1 named[83277]: zone yourdomain.com/IN: loading master file pri/com/yourdomain.com: bad owner name (check-names)

The long string after "k=rsa; t=y; p=" is your public key, which I said you should keep for later use.
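
A check for the selector record built in the steps above, as an added example that is not part of the original post: it parses the p= value as a DER SubjectPublicKeyInfo and reports the RSA modulus size and the t=y testing flag. The function names and the 1024-bit floor (DKIM's minimum from RFC 8301, applied here to DomainKeys) are assumptions, not from the post.

```python
import base64

MIN_RSA_BITS = 1024  # assumption: DKIM's floor from RFC 8301, applied to DomainKeys

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(p_value):
    """Bit length of the RSA modulus inside a base64 SubjectPublicKeyInfo."""
    der = base64.b64decode("".join(p_value.split()), validate=True)
    spki, _ = _tlv(der, 0, 0x30)          # SubjectPublicKeyInfo SEQUENCE
    _, pos = _tlv(spki, 0, 0x30)          # AlgorithmIdentifier, skipped
    bits, _ = _tlv(spki, pos, 0x03)       # BIT STRING holding RSAPublicKey
    rsa_key, _ = _tlv(bits[1:], 0, 0x30)  # drop the unused-bits count byte
    modulus, _ = _tlv(rsa_key, 0, 0x02)   # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def audit_record(txt):
    """Return (modulus_bits, findings) for one selector TXT record value."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            name, value = part.split("=", 1)  # base64 padding '=' stays in value
            tags[name.strip()] = value.strip()
    findings = []
    bits = rsa_modulus_bits(tags.get("p", ""))
    if bits < MIN_RSA_BITS:
        findings.append("%d-bit RSA key is below %d bits" % (bits, MIN_RSA_BITS))
    if tags.get("t") == "y":
        findings.append("t=y: record still marks the domain as testing")
    return bits, findings

# Record value taken from the rsa.public example earlier on this page.
PAGE_RECORD = ("k=rsa; t=y; p="
               "MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALtE8jD4rOXWzjx9gEtMRajyBNHm"
               "5ZD2NRqSrFKZ/bWNhSbpW8Kr+5SuwixxVeIAuP7d3ZknxK4ZF0WLVDHQpMa+"
               "lZpGThSaJn1zAilmetM5h4LBsw0xoxcB8xtnPoHGJwIDAQAB")
```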

===================================================================
