spammer | Walking in Light with Christ - Faith, Computing, Diary

Posts Tagged ‘spammer’

How to disable spammer domain in QMAIL mail server with badmailto variable

Thursday, July 12th, 2012

I've recently noticed one of the qmail SMTP servers I adminster had plenty of logged spammer emails originating from yahoo.com.tw destined to reache some random looking like emails (probably unexisting) again to *@yahoo.com.tw

The spam that is tried by the spammer is probably a bounce spam, since it seems there is no web-form or anything wrong with the qmail server that might be causing the spam troubles.
As a result some of the emails from the well configured qmail (holding SPF checks), having a correct existing MX, PTR record and even having configured Domain Keys (DKIM) started being marked, whether emails are sent to *@yahoo.com legit emails.

To deal with the shits, since we don't have any Taiwanese (tw) clients, I dediced to completely prohibit any emails destined to be sent via the mail server to *@yahoo.com.tw. This is done via /var/qmail/control/badmailto qmail control variable;

Here is content of /var/qmail/control/badmailto after banning outgoing emails to yahoo.com.tw;;;

qmail:~# cat /var/qmail/control/badmailto [!%#:\*\^] [\(\)] [\{\}] @.*@ *@yahoo.com.tw

The first 4 lines are default rules, which are solving a lot of badmailto common sent emails. Thanks God after a qmail restart:

qmail:~# qmailct restart ....

Checking in /var/log/qmail-sent/current, there are no more outgoing *@yahoo.com.tw destined emails. Problem solved …

Share this on

Tags: Auto, bounce, cat, checks, com, common, configured, control, control variable, default rules, dkim, domain, Draft, god, legit, mail, mail server, mx, outgoing emails, plenty, ptr, Qmail, qmailct, reache, Result, shits, smtp servers, spam, spammer, SPF, twThe, var, well, Yahoo, yahoo com tw
Posted in Qmail, System Administration | 1 Comment »

How to enable Newsletter support to WordPress based website or blog with Newsletter or E-mail Newsletter plugin

Tuesday, April 3rd, 2012

One of the companies, where I'm doing a part time job, as an IT Consultant, System Administrator and Web developer, a e-marketing specialist and business consultant (the list goes on ) … planned to integrate a Newsletter support in their WordPress based websites.

As this fits my "job description" ,I took the task and implemented a simple but functional Newsletter support to their 4 WP based sites. In this article I will in short describe, my experience with placing the Newsletter subscription.:

Earlier I've done something similar as, I've added a subscipriotion (form) box to WordPress to use Google Feedburner RSS . What I needed this time, however was a bit different. The company required the newsletter to be a separate one and don't relay on Google Feedburner (RSS) to deal with the subscriptions .

It took me a while until I came with a working version of a Newsletter and I actually tested all in all 4 newsletter wordpress plugins before, I had a well working one. Here in short, In this article I will shortly take a look at the 4 WP newsletter plugins:

1. A wordpress plugin called simply Newsletter

As of time of writting this is the most popular wordpress plugin, when I looked through:

http://wordpress.org/extend/plugins/

Wordpress Newsletter plugin can be obtained via http://wordpress.org/extend/plugins/newsletter/
Its really Advanced, probably the best free newsletter for WP available as of time of writting. The plugin supports email subscriber user confirmation (double opt-in), as well as can be accustomized to work with single opt-in.
For all those who don't know Double Opt-In is the technical term for a once requested user email (single opt-in), for subscription which is later confirmed by following an email box sent link pointing to confirmation URL.

Double Opt-In is almost a standard and "must" as otherwise, many spam bots will fill in randomly email addresses and your subscribers list will be mostly containing spammer email addresses.

1. Install WordPress Newsletter Plugin To install Newsletter plugin;

a) download and put into wp-content/plugins/ and unzip

server:~# cd /var/www/blog/wp-content/plugins server:/var/www/blog/wp-content/plugins# wget -q http://downloads.wordpress.org/plugin/newsletter.zip server:/var/www/blog/wp-content/plugins# unzip newsletter.zip

b) Enable in Plugins:

Plugins -> Newsletter (Activate)

c) Configure Newsletter

A new menu will appear in the left WP control panel, like you see in below screenshot:

Wordpress Newsletter plugin configuration Screenshot

Newsletter plugin is very configurable but it takes a bit of longer time until it is confingured to work well. So be patient with it.

d) Make Newsletter field appear on a wordpress home page.

In order to enable just configure Newsletter plugin (text and subscription form) to appear on the wordpress pages, you need to add the plugin as a widget. To do so go to:

Appearance -> Widgets

Newsletter WordPress plugin with few other widgets screenshot

Drag and drop the Newsletter plugin widget to the widget right pane. Put it on the exact place you would like it to appear.

Once the widget is placed, you will see it appear to the respective location on WP pages, you should have something like:

Join our Newsletter WordPress screenshot

If while you enable the plugin and put the Newsletter widget doesn't appear on WordPress, this is probably due to some Cache left from some enabled WP caching pugin like W3 Total Cache

In any case if Newsletter form subscription, is not appearing on your pages, delete the cache/ directory:

# rm -rf /var/www/wordpress-site/wp-content/cache/

I've experienced, this caching problems and it was quite a riddle, until I found out that the Newsletter plugin is not appearing on the WP pages because of the old cache. I've checked bacicly everything (error.log , apache php_error.log) etc.. Therein, there was no error or anything, so after a long 1 hour or so poundering I figured out this kind of caching done by W3 Cache.

My guess is, the same newsletter "not working" issue is probably observable also on WP installs with other caching plugins like WP Hyper Cache or WP Db Cache

2. ALO EasyMail Newsletter WordPress plugin

I don't know, why but this plugin didn't work properly on the wordpress install, I've tested it. Its true the wordpress version where I give it a try was not running, the latest stable wordpress so I assume this might be the reason for the empty pages returned when I enabled the plugin.

According to wordpress's plugin – http://wordpress.org/extend/plugins/alo-easymail/, the plugin is marked as Works, however in my case it didn't.

3. Adding WordPress Newsletter through Email newsletter

This plugin was a real piece of cake, compared to all of the rest, tested this one was the easiest one to install and configure on WordPress.
Just like with Newsletter and ALO EasyMail Newsletter once the user is subscribed, from the admin there is possibility to sent crafted messages to all subscribers.
The plugin is a great, choice for anyone who is looking for quick install of Newsletter on WordPress without extra "config" complications.
Below is a quote describing email newsletter, taken from the plugin author webpage;

Advantage of this plugin

Simple no coding required.
Easy installation .
Using this plug-in we can send email to all registered folks.
Using this plug-in we can send email to all comment posted folks.
Email subscribe box for front end
Check box option available to select/unselect emails from the send mail list.
Integrated the email newsletter plugin & simple contact form plugin

- Enabling the plugin is done via admin menus:

Plugins -> Inactive -> Email Newsletter (enable)

Afterwards, the plugin requires a quick configuration from wp-admin:

Email Newsletter -> Subscriber form setting

Join our Newsletter WordPress Screenshot

You see in the screenshot, the config where to place the plugin is trivial.

To make Email Newsletter appear on the pages, you will have to add the Email Newsletter widget from:

Appearance -> Widgets

The widget looks like the one in below screenshot:

Email Newsletter WordPress plugin widget screenshot

Drag and drop the widget to the widgets pane. Onwards on the wordpress pages, should appear an email subsciption box:
Email Newsletter on WordPress page Screenshot
Though Email Newsletter is great, it has one serious drawback, as it doesn't support Double Opt-In. Therefore people subscribing through it are not mailed with a request to confirm their email subscription request.
As a result, its very likely many spam-bots submit fake emails in the newsletter subscribe form and in 1 year time your newsletter email list might get full with tens of thousands unexistent emails. If you end up with this bad scenario, once newsletter emails are sent to (regular) exitent subscribers, many of the bulk emails in the list will never reach their senders, but will just fill-up the mail server queue and take up server resources for nothing for one week or so (depending on the email configuration keep undelivered mail setting).
Anyways, since the basis of this plugin works fine, I'm sure if the author modifies it to include a simple Captcha instead of double-opt functionality, the plugin can become top plugin.

Share this on

Tags: administrator, ALO, Auto, bit, blog, business consultant, Cache, confirmation, confirmation url, description, download, Draft, e mail, email addresses, Feedburner, form, free newsletter, google, Install, job, job description, mail newsletter, marketing, newsletter, newsletter subscription, newsletter support, NewsletterAs, Opt, part time job, plugin, Plugins, quot, relay, something, spammer, specialist, subscriber, subscribers, subscriptions, support, system administrator, time, web developer, Wordpress, wp newsletter, writting
Posted in System Administration, Web and CMS, Wordpress | 3 Comments »

Xtractor Extreme, Power Email Harvester and AMS (Advanced Mass Sender) three Windows programs to Beware of

Monday, August 15th, 2011

Few days ago, I’ve catch some Spammers on some of the servers running Windows inside Virtual Private Servers.

I was doubting if I want to write an article to mention about this 3 piece of software as it might be a bit boury however eventually I thought the goods of it will be better so I just took minutes and wrote it.

Back to the topic the three programs which the spammer was installed and prepare to do his spamming job on the VPS server was:
1. Xtractor Extreme

2. Power Email Harvester

3. Advanced Mass Sender

In order to hide his real IP address and prevent the IP he was spamming, he has also installed some anonyous proxy like Windows software called Hide My IP

The first program Xtractor is basicly an Email collector, the program crawls the net and searches to match email string on web pages.
It get target websites from major search engines.
You put an email like @gmail.com inside it and it starts spidering and grabs all email strings under the domain @gmail.com. Besides that Xtractor Extreme Pro is freeware and can be easily downloaded from many locations online.

Power Email Harvester‘s program name is also quite self-explanatory, what it does is it digs the net for email addresses and generates spam lists … This is the ultimate tool for a spammer, however the guys who create this piece of disruptive software has branded it as “a marketing tool” and even sold and advertised as a tool to help an e-marketing campaign.
This is of course just a word play and in fact in my viewe these program should be prohibited by international law.

Advanced Mass Sender is another piece of Spammer software which officially is tagged as marketing software and is sold and recommended as an useful tool for e-marketing.

I’ve take the time to take a quick and test the spammer installed AMS , honestly I’ve been amazed how far spamming has went during the last 5 years.

This AMS shit is capable of creating a target groups which could easily be spammed whether each group can contain up to 200000+ ! target emails
Advanced Mass Sender can even check if a certain email is present on the remote mail server and only then tries to deliver.
Besides that it even supports sending the spam mails via multiple mail servers (simultaneously) to increase the thoroughput as well as supports proxy servers…

I decided to write this few lines article to raise some awareness about this shitty sofware in a hope that somebody who is Administrating / Supporting client owned Windows servers or Virtual Private Servers will be able to read about this 3 ones and stop spammers before they succeed to create mail havoc with their ugly spam stuff.

Share this on

Tags: AMS, awareness, com, course, email addresses, email collector, extreme power, freeware, Gmail, grabs, Harvester, IPThe, job, major search engines, marketing campaign, marketing software, marketing tool, piece, power, power email harvester, Search, software, spammer, Spammers, spidering, targe, target websites, three windows, time, tool, topic, Virtual, virtual private servers, VPS, windows programs, windows software, word play
Posted in Computer Security, Everyday Life, System Administration | No Comments »

Scanning shared hosting servers to catch abusers, unwanted files, phishers, spammers and script kiddies with clamav

Friday, August 12th, 2011

I’m responsible for some GNU/Linux servers which are shared hosting and therefore contain plenty of user accounts.
Every now and then our company servers gets suspended because of a Phishing websites, Spammers script kiddies and all the kind of abusers one can think of.

To mitigate the impact of the server existing unwanted users activities, I decided to use the Clamav Antivirus – open source virus scanner to look up for potentially dangerous files, stored Viruses, Spammer mailer scripts, kernel exploits etc.

The Hosting servers are running latest CentOS 5.5. Linux and fortunately CentOS is equipped with an RPM pre-packaged latest Clamav release which of the time of writting is ver. (0.97.2).

Installing Clamav on CentOS is a piece of cake and it comes to issuing:

[root@centos:/root]# yum -y install clamav ...


After the install is completed, I've used freshclam to update clamav virus definitions
[root@centos:/root]# freshclam
ClamAV update process started at Fri Aug 12 13:19:32 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 81.91.100.173)
WARNING: getpatch: Can't download daily-13357.cdiff from db.gb.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 163.1.3.8)
WARNING: getpatch: Can't download daily-13357.cdiff from db.gb.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-13357.cdiff from db.gb.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 13431, sigs: 173670, f-level: 60, builder: arnaud)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 144, sigs: 41, f-level: 60, builder: edwin)
Database updated (1019925 signatures) from db.gb.clamav.net (IP: 217.135.32.99)

In my case the shared hosting hosted websites and FTP user files are stored in /home directory thus I further used clamscan in the following way to check report and log into file the scan results for our company hosted user content.
[root@centos:/root]# screen clamscan -r -i --heuristic-scan-precedence=yes --phishing-scan-urls=yes --phishing-cloak=yes --phishing-ssl=yes --scan-archive=no /home/ -l /var/log/clamscan.log
home/user1/mail/new/1313103706.H805502P12513.hosting,S=14295: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/new/1313111001.H714629P29084.hosting,S=14260: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/new/1305115464.H192447P14802.hosting,S=22663: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/new/1311076363.H967421P17372.hosting,S=13114: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/domain.com/infos/cur/859.hosting,S=8283:2,S: Heuristics.Phishing.Email.SSL-Spoof FOUND/home/user1/mail/domain.com/infos/cur/131.hosting,S=6935:2,S: Heuristics.Phishing.Email.SSL-Spoof FOUND
I prefer running the clamscan in a screen session, because it's handier, if for example my ssh connection dies the screen session will preserve the clamscan cmd execution and I can attach later on to see how scan went.
clamscan of course is slower as it does not use  Clamav antivirus daemon  clamd , however I prefer running it without running the daemon, as having a permanently running  clamd  on the servers sometimes creates problems or hangs and it's not really worthy to have it running since I'm intending to do a clamscan no more than once per month to see some potential users which might need to be suspended.
Also later on, after it finishes all possible problems are logged to  /var/log/clamscan.log , so I can read the file report any time.
A good idea might also be to implement the above clamscan to be conducted, once per month via a cron job, though I'm still in doubt if it's better to run it manually once per month to search for the malicious users content or it's better to run it via cron schedule.
One possible pitfall with automating the above clamscan /home virus check up, might be the increased load it puts to the system. In some cases the Webserver and SQL server might be under a heavy load at the exactly same time the clamscan cron work is running, this might possible create severe issues for users websites, if it's not monitored.
Thus I would probably go with running above  clamscan  manually each month and monitor the server performance.
However for people, who have "iron" system hardware and  clamscan  file scan is less likely to cause any issues, probably a cronjob would be fine. Here is sample cron job to run clamscan:
10 05 01 * * clamscan -r -i --heuristic-scan-precedence=yes --phishing-scan-urls=yes --phishing-cloak=yes --phishing-ssl=yes --scan-archive=no /home/ -l /var/log/clamscan.log >/dev/null 2>&1 

I'm interested to hear if somebody already is using a clamscan to run on cron without issues, once I'm sure that running it on cron would not lead to server down-times, i'll implement it via cron job.
Anyone having experience with running clamscan directory scan through crond?  


Share this on



























		  

		  
		  





Tweet


				Tags: antivirus, cake, center, CentOS, Clamav, clamav antivirus, company servers, dangerous files, exploits, gnu linux, hosting servers, impact, Installing, kernel, kind, linux servers, m center, mailer, open source, Phishing, piece, piece of cake, plenty, root, rpm, scanner, script kiddies, spammer, Spammers, time, unwanted files, unwanted users, ver, virus, virus scanner, Viruses, writting, yum
 Posted in Linux, System Administration, Web and CMS |   2 Comments »


				
				How to track (catch) mail server traffic abusers with tcpdump
				Thursday, July 7th, 2011
				
					If you're an administrator of a shared hosting server running mail server on localhost, you've definitely come across to issues with your mail server ip entering into public blacklists like spamhaus's CBL,XBL, PBL etc.
	The usual procedure after one's ip gets listed in blacklists is to delist it manually following spamhaus or any other blacklist website's web interface, however often even after delisting yourself from blacklists you get back into them in a couple of hours, since your mail server continues to send a mass amounts of spam.
	To track issues like as a system administrator I always use the good old network swiss army of knife tool tcpdump
	 tcpdump  is really precious in tracking all kind of traffic oddities or mail server traffic.

	To check if there are oddities with traffic flowing from a mail server on localhost after I login to a mail server with issues I use  tcpdump  command with following options:
	tcpdump -nNxXi eth0 -s 0 proto TCP and port 25

	
	The usual output of it should look something like:
	root@hosting:/home/hipo/public_html:# tcpdump -nNxXi eth0 -s 0 proto TCP and port 25

	tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

	11:37:51.692685 IP xxx.xxx.xxx.xxx.smtp > 212.235.67.205.53745: P 2645817175:2645817203(28) ack 31168958 win 7632

	0x0000: 4500 0044 92b4 4000 4006 9ae8 5511 9f4d E..D..@.@...U..M

	0x0010: d4eb 43cd 0019 d1f1 9db3 f757 01db 99be ..C........W....

	0x0020: 5018 1dd0 0d4e 0000 3235 3020 4f4b 2069 P....N..250.OK.i

	0x0030: 643d 3151 656c 3150 2d30 3033 7666 412d d=1Qel1P-003vfA-

	0x0040: 4730 0d0a G0..

	11:37:52.175038 IP 212.235.67.205.53745 > xxx.xxx.xxx.xxx.smtp: . ack 28 win 65064

	0x0000: 4500 0028 1bb4 4000 7706 db04 d4eb 43cd E..(..@.w.....C.

	0x0010: 5511 9f4d d1f1 0019 01db 99be 9db3 f773 U..M...........s

	0x0020: 5010 fe28 a1c8 0000 0000 0000 0000 P..(..........

	
	In this example the  xxx.xxx.xxx.xxx  is the IP address of the hosting server (my mail server) and the other IP is the interaction of my mail server's smtp port 25  with tther machine 212.235.67.205.
	If after issuing this command there are tons of repeating address IPs the mail server interacts with this is possible sign of spammers who sent traffic via the mail server.

	Of course this is not always the case as sometimes, some clients use to send large newsletters or just some planned advertisements, however in most cases as I said it's a spammer.
	To futher get the abuser I check Apache logs and the mail server logs. Also in many cases a spammer can be catched via observing the mail server logs (/var/log/maillog, /var/log/qmail/current or wherever the mail server logs it's interactions).
	In the above tcpdump output you can even read some of the information flowing in between mail servers in a very raw form for example in above tcpdump output notice the  250.OK . This is obviously an interaction between the two mail servers where the server running on my hosting server with ip (xxx.xxx.xxx.xxx) sends to the remote mail server the command 250 OK
	Hope this article is helpful to somebody  


Share this on



























		  

		  
		  





Tweet








				
				Tags: 01db, ack, blacklists, cbl, course, delisting, eth, hipo, host, hosting server, interaction, Knife, knife tool, localhost, log, login, machine, mail server, mass, mass amounts, n 250, oddities, PBL, proto, Qel, root, server ip, server traffic, size, smtp, something, spamhaus, spammer, swiss army, system administrator, tcpdump, tool, tther, verbose, vv, web interface
 Posted in Linux, Qmail, System Administration |   3 Comments »
			
				
				How to enable Domain Keys (DKIM) in Qmail toaster based mail server install on Debian Linux
				Wednesday, May 25th, 2011
				
					


Recently the Emails sent by one of the Qmail mail servers running on a Debian host started suddenly delivering in Spam folder in both Gmail.com and yahoo.com public mail services.
This is pretty nasty as many of the websites which used the local qmail server to deliver emails concerning subscriptions and other kind of services provided by the websites started ending in  Span  and thus many of the users who used their  Yahoo Mail  account  and  Google Mail – gmail  accounts was unable to read emails mailed by the various websites forms and scripts which were sending emails.
You can imagine the negative effect all this “minor” mail issues had on website visitors count and the overall websites functionality.
To come up with some kind of solution to this mail issues, I did quite a lot of research to understand if Yahoo and Google Mail services has some kind of mail server delist form or some reporting service where one can delist a specific mail server as a spammer one or get some kind of help, but unfortunately it seems neither google nor yahoo has any kind of web based way to remove hosts or ip addresses of legit mail servers who has mistakenly been recognized as spam servers.
During my efforts to find a solution to the situation I red a lot of posts and forums online as well as Google’s Bulk Sender Guidelines, none if it was too helpful though.
The QMAIL server had a proper:
1. MX Record 
2. TXT SPF records 
3. PTR Record 
4. There are proper correct mail message headers 
5. Proper mails charset and encoding
6. The mail server IP is not listed anywhere in any mail blacklists
(e.g. www.mxtoolbox.com/blacklists.aspx / spamhaus.org)
7. A correct SMTP greeting which matched the mail server domain name

The only thing which was missing on the mail server (checked against Google’s Bulk Sender Guidelines) was a properly configured DKIM and Domainkeys.
Thus in order to get around the situation I went the way and configured the qmail server to include and send in the mail header also Domain Keys
In this article I will briefly explain step by step how I configured  Domain keys (DKIM) signing  of my mails:
There are few ways  domain keys  signing can be implemented with Qmail.
1. By patching qmail binaries to support domain keys signing
I wanted to omit any interventions concerning the well running qmail install so I decided not to go this way.
Plus there are plenty of add-ons for qmail and as I have no time to test them the idea not to temper the existing qmail installation looked wise to me.
2. Use a wrapprer script around qmail-remote that invokes externally domainkeys binaries

This kind of solution was fitting me better and therefore I took this route to enable my qmail DKIM signing.
There are few approaches one can take described online:

Use a perl script wrapper which does does the DKIM signing (http://manuel.mausz.at/coding/qmail-dkim/)


I tried using the qmail-dkim-0.2.pl wrapper script following the exact steps described to be fulfilled to enable my outgoing mails dkim signature, however for some reason after substituting the qmail-remote with  qmail-dkim.pl and setting the proper permissions, my outgoing mails failed completely and each mail I sent was returned back by the qmail MAILER-DAEMON

Use a bash shell script wrapper in combination with libdomainkeys‘s with a  Mail-DKIM-0.39 .

I gave a try to this approach and thanksfully it worked after a bit of struggle to tune it up.
Here is what exactly I had to do to in order to have the domain keys signing to work using the above described  qmail-remote.sh shell script wrapper 
 1. Install openssl related required debian packages 
debian:~# apt-get install openssl libcrypt-openssl-rsa-perl libcrypt-openssl-bignum-perl \
libmail-dkim-perl
...

 2. Create necessery directories and RSA key pairs for DomainKeys 
debian:~# mkdir -p /etc/domainkeys/mydomain.com
debian:~# cd /etc/domainkeys/mydomain.com
debian:/etc/domainkeys/mydomain.com# openssl genrsa -out rsa.private_default 768
debian:/etc/domainkeys/mydomain.com# openssl rsa -in rsa.private_default \
-out rsa.public_default -pubout -outform PEM
debian:/etc/domainkeys/mydomain.com# ln -sf rsa.private_default default
debian:/etc/domainkeys/mydomain.com# touch selector
debian:/etc/domainkeys/mydomain.com# echo 'default' >> selector

Where mydomain.com is the mail domain I need the DKIM signatures for.
I have written a small shell script which automates the task of adding new domainkeys directories and generating the RSA keys with openssl, you can  download my generate_qmail_domainkey_rsa automator script here 
 3. Set proper permissions and owner to /etc/domainkeys directory 
debian:~# chmod -R 0600 /etc/domainkeys
debian:~# chown -R qmailr:qmail /etc/domainkeys

 4. Generate public domain key for DNS TXT records 
debian:/etc/domainkeys/mydomain.com# grep -v ^- rsa.public_default | perl -e 'while(<>){chop;$l.=$_;}print "k=rsa; t=y; p=$l;\n";'

"k=rsa; t=y; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMlDcYMrpWP9ouQOlFVtCHcFY

+gxrSQ6SegYeP4eeG7NECT/3jBqDtxANIVhaS9ASkEO4yNisGu4yX/DRclTm
nPWknoDtCDiD7IFEzT37qn1JLzcuknTncmFBFMDRUJq6wIDAQAB;"

The above key is used in next step 5 to set it as a TXT DNS record.
 5. Create the DNS records in Name server 
With BIND DNS server you need to place a records like:
_domainkey.example.com. IN TXT "k=rsa; t=y; o=-;"
default._domainkey.example.com. IN TXT "
 p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2RkvFHbhqM/bVbb
kBtZ1cZUSYcjC4q+PWjd1tFopT+HXXR9Ctx7FZ1guX5fGboiwYmhCYdVroI
KRM3I48/YyQoXxtn3iYZ086v8BHaNtkcBMY+68JeEQ3K0WQkbqQXp/tsnLY
SQW1yXiEo9CywxVdpwH+OY94HxK4fAbw6V11cwIDAQAB"

! The above p= key specified is the one generated in step 5. 
 6. Download and compile & install  Mail-DKIM-0.39 ‘s perl extension 
As of time of writting latest Mail-DKIM is ver. 0.39, however it’s a good idea to check and install the latest available version available on  http://www.cpan.org 
a) Download Mail-DKIM 
debian:~# cd /usr/local/src
debian:/usr/local/src# wget http://www.pc-freak.net/files/Mail-DKIM-0.39.tar.gz
...
2011-05-25 15:09:37 (264 KB/s) - `Mail-DKIM-0.39.tar.gz' saved [87375/87375]
...
b) Compile & Install Mail-DKIM 
debian:/usr/local/src# chown -R hipo:hipo Mail-DKIM-0.39
debian:/usr/local/src# cd Mail-DKIM-0.39

debian:/usr/local/src/Mail-DKIM-0.39# su hipo
debian:/usr/local/src/Mail-DKIM-0.39$ perl Makefile.PL
debian:/usr/local/src/Mail-DKIM-0.39$ make
...
debian:/usr/local/src/Mail-DKIM-0.39$ exit
debian:/usr/local/src/Mail-DKIM-0.39# make install
debian:/usr/local/src/Mail-DKIM-0.39# cd script
debian:/usr/local/src/Mail-DKIM-0.39/script# cp -rpf * /usr/local/bin; cd /usr/local/src

Note that the  dkimsign.pl  which is in the  Mail-DKIM-0.39  is a very important tool used later by the qmail-remote wrapper script. This perl script is copied in the last command issued in above chunk of code.

In the up-command lines I use my unprivileged username  hipo  to compile, here use any non-root user is appropriate.
For instance it’s possible that the cpan user is used as a compile time user, I was lazy to configure CPAN thus I choose to use my normal unprivileged user.
c) configure rsa domain key paths in dkimsing.pl
Another thing to do here is to make sure the  /usr/local/bin/dkimsign.pl  which was just recently installed has a correct set location for it’s  KeyFile  variable.

This vailable is in the script is located online 64, I changed it to include my rsa domain key file, after I changed it, now it looks like so:


KeyFile => "/etc/domainkeys/mydomain.com/default"


 7. Download and install libdomainkeys 
a) Download libdomainkeys
For latest version of libdomainkeys make sure you check on  http://domainkeys.sourceforge.net/ 
debian:/usr/local/src# wget http://www.pc-freak.net/files/libdomainkeys-0.69.tar.gz
debian:/usr/local/src# tar -zxvvf libdomainkeys-0.69.tar.gz
...
debian:/usr/local/src# chown -R hipo:hipo libdomainkeys-0.69
debian:/usr/local/src# cd libdomainkeys-0.69; su hipo

b) Compile and install libdomainkeys binaries


debian:/usr/local/src/libdomainkeys-0.69$ echo  '-lresolv' >  dns.lib

debian:/usr/local/src/libdomainkeys-0.69$ make clean & & make
debian:/usr/local/src/libdomainkeys-0.69$ exit
debian:/usr/local/src/libdomainkeys-0.69# cp -rpf dktest dknewkey expected makeheader /usr/local/bin/

There is a note to make here, one of the programs part of libdomainkeys called  dnstest  is not compiled while doing  make  for unknown reasons?!
I was not able to compile manually dnstest either using gcc like so:
debian:/usr/local/src/libdomainkeys-0.69$ gcc -o dnstest dnstest.c dnstest.c: In function 'main':
dnstest.c:11: warning: incompatible implicit declaration of built-in function 'strle'
/tmp/ccH78KZ1.o: In function 'main':
dnstest.c:(.text+0x2b): undefined reference to 'dns_text'
collect2: ld returned 1 exit status

I have absolutely no clue why it fails o_O, but it doesn’t matter since I figured out that domainkeys header signature is properly set even without dnstest.
Let me mark here that  echo  ‘-lresolv’ >  dns.lib  you see in above code chunk is absolutely necessery in order to be able to compile libdomainkeys on Debian based distributions. If the ‘-lresolv > dns.lib’ is omitted the libdomainkeys build fails with error:


gcc -DBIND_8_COMPAT -O2 -o dktest dktest.o -L. -ldomainkeys -lcrypto 
`cat dns.lib` `cat socket.lib`

./libdomainkeys.a(dns_txt.o): In function `dns_text':

dns_txt.c:(.text+0x2d): undefined reference to `__res_query'

dns_txt.c:(.text+0xc4): undefined reference to `__dn_expand'

dns_txt.c:(.text+0x184): undefined reference to `__dn_expand'

collect2: ld returned 1 exit status

make: *** [dktest] Error 1


8. Install libdkim (source of the libdkimtest binary later used by qmail-remote wrapper script) 
debian:/usr/local/src# su hipo
debian:/usr/local/src$ wget http://www.pc-freak.net/files/qmail/libdkim-1.0.19.zip
debian:/usr/local/src$ wget http://www.pc-freak.net/files/qmail/libdkim-1.0.19-linux.patch
debian:/usr/local/src$ wget http://www.pc-freak.net/files/qmail/libdkim-1.0.19-extra-options.patch
debian:/usr/local/src$ unzip libdkim-1.0.19.zip
debian:/usr/local/src$ cd libdkim/src
debian:/usr/local/src/libdkim/src$ patch -p2 < ../../libdkim-1.0.19-linux.patch
debian:/usr/local/src/libdkim/src$ patch -p2 < ../../libdkim-1.0.19-extra-options.patch
debian:/usr/local/src/libdkim/src$ make && exit
debian:/usr/local/src/libdkim/src# make install

The above install will install libdkimtest binary, used by the wrapper script to do the actual DKIM-Signature, the binary gets installed in /usr/local/bin/libdkimtest.

Here is a link to  patched version of libdkim 1.0.19 , to use it instead of patching as described above download the archive untar and do a  make clean && make && install 
9. Download qmail-remote.wrapper (qmail-remote wrapper shell script) and set it to wrap qmail-remote 
a) Copy original qmail-remote to qmail-remote.orig
debian:~# cd /var/qmail/bin
debian:/var/qmail/bin# cp -rpf qmail-remote qmail-remote.orig

b) Download qmail-remote.wrapper script
Here is the qmail-remote.sh wrapper script that worked for me 
Originally the wrapper script is taken from http://www.memoryhole.net/qmail/, big thanks to Russ Nelson for writting the awesome wrapper script.
debian:~# cd /var/qmail/bin/
debian:/var/qmail/bin# wget http://www.pc-freak.net/files/qmail-remote.wrapper
Saving to: `qmail-remote.wrapper'

100%[============================>] 1,164       --.-K/s   in 0s      
2011-05-25 15:46:54 (142 MB/s) - `qmail-remote.wrapper' saved [1164/1164]

c) Set proper permissions to the qmail-remote.wrapper script
The permissions of qmail-remote should look like so:
 -rwxr-xr-x 1 root qmail 1164 2011-05-25 11:05 /var/qmail/bin/qmail-remote* 
To set this permissions I used:
debian:/var/qmail/bin# chmod 755 qmail-remote.wrapper

debian:/var/qmail/bin# chown qmailq:qmail qmail-remote.wrapper


d) Create /var/domainkeys directory (necessery for proper qmail remote wrapper script operations)
debian:~# mkdir /var/domainkeys
debian:~# chown -R qmailr:qmail /var/domainkeys
debian:~# chmod 700 -R /var/domainkeys

e) Substitute original qmail-remote  binary with the wrapper script:
debian:~# qmailctl stop
Stopping qmail...
 qmail-send
 qmail-smtpd
debian:/var/qmail/bin# cp -rpf qmail-remote.wrapper qmail-remote
debian:/var/qmail/bin# qmailctl start
Starting qmail

 10. Send test email to @gmail.com or @yahoo.com to test if DKIM-Signature is included in the mail header 
I used my installed webmail interface  squirrelmail  and send a test email to my home mail server and as well as to yahoo.com
The headers of the email looked fine, here is how my DKIM signed mail headers looked like:


From - Thu May 26 15:31:37 2011

X-Account-Key: account11

X-UIDL: 1306413169.97071.pcfreak,S=1244

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

X-Mozilla-Keys:
 

Return-Path: <root@mail.mydomain.com>

Delivered-To: hipo@pc-freak.net

Received: (qmail 97068 invoked by uid 1048); 26 May 2011 12:32:49 -0000

Received: from mail.mydomain.com (83.170.100.100)

  by mail.pc-freak.net with SMTP; 26 May 2011 12:32:49 -0000

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

  s=default; d=mydomain.com;

b=ZnTDdUexnt8fmuHbVNXIC+JDvNLYO1zjzlI3PODe3e1oMS5dRHzVGujrS1

Yk0qqs2oW7DseZg/iHE9KOLZBeInksOnsmLsDBq1Lvzfv2xejikR52LBg6a/uK

ewECJy4jQA4cwMJ/qUxmK8EDwbgj7jqCVB95FK3Z5EdR4HoaqGQ=;


h=Received:Date:Message-ID:From:To:Subject;

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=date

	:message-id:from:to:subject; s=default; q=

	/etc/domainkeys/mydomain.com/default; 
bh=G32d6y8oiLehRzcuIWr9s

	S+Jy+g=; 
b=TPW5VXq3vlOUf1T7lfxQC00MN0kPJxaASE/gq7LbHyV1Gj/Xj+GLF

	UN6hYVeKnsoKKeV108JVGcfvfTaLogsxGyS9XzUXKlLtESBj4wr/DAOQy
OcHCj75

	bEOOd9nv+RehOYinXGmx0JUZpCNHGndNZ1AEabbVEiX/NQAL7iKDnE
=

Received: (qmail 28771 invoked by uid 0); 26 May 2011 12:31:30 -0000

Date: 26 May 2011 12:31:30 -0000

Message-ID: <20110526123130.28770.qmail@mail.mydomain.com>

From: root@mail.mydomain.com

To: hipo@pc-freak.net

Subject: testing 123
baklavavav

tatta


Notice the two lines in the above pasted header:
 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=date
This clearly shows that now both Domainkeys and DKIM are being applied to outgoing mail messages  
However to be completely 100% sure the domainkeys and DKIM signing is correct, you should check the online websites which offer a mail domainkey check and DKIM signature check, an example for such a website that I used in order to test that my SSL RSA Domainkeys and DKIM correspond correctly to the ones specified in the DNS server is:

 here 
The idea for writting this small guide on configuring Domainkeys with Qmail and Linux is seriously inspired by Mariuz’s Blog post dkim wrapper that works using dk Hope this is helpful to somebody, it took me quite a while until I come up with the exact steps of a workable install of Domain Keys, there are so many tutorials and ways to implement this that at a certain point it’s a hell.
Like always with Qmail, even simple things are so complex, the only good thing about qmail is once you make it work well, it works forever … until the next time you will have to spend few days trying to figure it out  
I’m very much looking to hear if people followed the tutorial succesfully.
Any feedback concerning the article is mostly welcome!

Cheers!


Share this on



























		  

		  
		  





Tweet








				
				Tags: briefly, Bulk, charset, com, correct mail, Date, DKIM-Signature, dnstest, domain, Domainkeys, Emails, exit, exitdebian, form, function, Gmail, google, header, help, host, ip addresses, libdkimtest, Linux, lot, mail issues, mail message, mail server, mail servers, mail services, message headers, mx record, mxtoolbox, nameThe, none, ptr, public mail, qmailctl, reporting service, root, script, server domain, server ip, signing, soccerfame, spamhaus, spammer, SPF, test, text, toaster, TXT, website visitors, wget, wrapper, yahoo mail account
 Posted in Linux, System Administration |   19 Comments »

Walking in Light with Christ – Faith, Computing, Diary

Posts Tagged ‘spammer’

Xtractor Extreme, Power Email Harvester and AMS (Advanced Mass Sender) three Windows programs to Beware of

GET ARTICLE UPDATES

Daily Bible quote

Recent Posts

Useful blog? Help it:

Similar Posts

Categories

Links to Other Places

About Myself

Recent Comments

Ads

Top Post Views

blogtopsites

May 2013
M	T	W	T	F	S	S
« Apr
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31