Tony's Site

DKIM & SPF

I have recently been looking at anti-spam technologies. The trigger for this was work I do for a charity event that includes a mailshot each year publicising the event. I have some concerns that the big email providers may be blocking some of our messages as spam. After a little research I decided to implement DKIM and SPF. In some areas this is still work in progress and I haven't solved all the problems yet.

My existing system uses Debian Lenny, Exim4 and Spamassassin. The changes I decided to make are:

More details on the above are given below. These are all aimed at mail I send out. Currently I am not looking at using these techniques on incoming mail other than checking already taking place in Spamassassin. Spamassassin does include these checks but as far as I can see the default Debian configuration uses scores of 0 for all.

DNS Records

For both SPF and DKIM you need to publish TXT records in your DNS. Details of this can be found in the two references above. How or whether you can do this depends on how you register your domains.

DKIM Signing

Exim4 has the facility to carry out DKIM signing but this is not included in the standard versions included in Debian Lenny. You can compile it in if you wish but I prefer to use standard packages where possible. Instead, I initially used a package "dkimproxy" which is available in Lenny. This runs as a dæmon and interfaces by SMTP. You configure Exim so your outgoing mail routes through it and it signs messages as they pass through.

Subsequently I have moved to use the version of Exim4 in Debian backports which does include DKIM support.

SRS

Again, SRS is not included in the Debian standard build of Exim but can be compiled in. As above I'd prefer not to compile my own but after looking for options I decided I had no other choice.

libsrs_alt

SRS requires the libsrs_alt package but there isn't a standard package. The source can be found here. To create a Debian package I use the checkinstall package which is in Debian. To compile and install, unpack the tarball, cd into the folder and use the following:

./configure
make
checkinstall

Exim4 Build

Generic instructions for building a custom Debian package for Exim can be found here. Search for "srs" in the "EDITME.exim4-custom" file to find lines for SRS that are commented out. Remove the comments and then repack the config files as described. Every time you edit the file you need to repack.

When I ran debuild I received the following error message:

dpkg-shlibdeps: failure: no dependency information found for /usr/local/lib/libsrs_alt.so.1
 (used by debian/exim4-daemon-custom/usr/sbin/exim4).
dh_shlibdeps: command returned error code 512

This is due to checkinstall not conforming fully to Debian requirements. Details can be found here. The answer is to include within your Exim source tree a file "debian/shlibs.local" containing:

libsrs_alt 1 libsrs-alt

The package compiled but then when starting Exim I got the message:

Starting MTA:/usr/sbin/exim4: error while loading shared libraries: libsrs_alt.so.1:
 cannot open shared object file: No such file or directory
Warning! Invalid configuration file for exim4. Exiting....failed.

Again this results from checkinstall not fully conforming. To fix this use:

ldconfig /usr/local/lib

Exim4 Configuration

This is as far as I have got so far. I will update when I have progressed.