qmail-scanner + DomainKeys HOWTO

Discussion in 'Plesk for Linux - 8.x and Older' started by mian, Aug 27, 2005.

  1. mian

    mian

    This small HOWTO will allow you to sign outgoing messages with DomainKeys http://antispam.yahoo.com/domainkeys. It is useful if you are using art's qmail-scanner RPM which modifies the qmail process to go from qmail-queue -> qmail-scanner.pl -> qmail-queue.orig to qmail-queue -> qmail-scanner.pl -> qmail-dk -> qmail-queue.orig. You can enable DomainKey verification with another option such as SpamAssassin.

    One thing: Plesk does not allow you to enter hostnames with an underscore in them. To get around this, you can just enter 'domainkey' without the underscore, then manually update the dns_recs table to make it '_domainkey'.

    Download libdomainkeys from http://sourceforge.net/projects/domainkeys/
    Download qmail-dk-patch from http://www.qmail.org/qmail-1.03-dk-0.53.patch
    Download qmail source from ftp://ftp.jp.qmail.org/qmail/qmail-1.03.tar.gz

    Compile libdomainkeys:

    tar -zxvf libdomainkeys-0.67.tar.gz
    cd libdomainkeys-0.67

    Generate DomainKey:

    ./dknewkey default
    # add this record to your Plesk domain template so all domains get it
    default._domainkey  IN  TXT "k=rsa; p=MEwwDQYJKoZIhvvbfdgvfdBQADOwAwOAIxALoXn7ejsFvfIkdRo6UxmmW2BXbCOuRGc42XxDDrKHQKVMnAc0vEztfngdfgdAB"
    mkdir /etc/domainkeys
    cp default /etc/domainkeys
    chown qmailq:qmail /etc/domainkeys/default
    chmod 400 /etc/domainkeys/default
    -r--------  1 qmailq qmail 400 Aug 26 17:11 /etc/domainkeys/default

    Untar qmail to libdomainkeys directory, patch and compile:

    tar -zxvf ../qmail-1.03.tar.gz
    cd qmail-1.03
    patch -p0 < ../../qmail-1.03-dk-0.53.patch
    make qmail-dk
    # if you receive an error regarding errno edit error.h and add #include "errno.h" before extern int errno;
    cp qmail-dk /var/qmail/bin/qmail-dk
    chown qmailq:qmail /var/qmail/bin/qmail-dk
    chmod 4511 /var/qmail/bin/qmail-dk
    -r-s--x--x  1 qmailq qmail 33844 Aug 26 17:15 /var/qmail/bin/qmail-dk

    Patch qmail-scanner-queue.pl to sign messages:

    nano -w /var/qmail/bin/qmail-scanner-queue.pl
    # approx line 1584
    sub qmail_requeue {
      my ($temp,$findate);
      # check rcpthosts file for relaying domains
      open(RCPTHOSTS, "</var/qmail/control/rcpthosts");
      while (<RCPTHOSTS>) {
        if (/^$domain_returnpath$/i || $domain_returnpath =~ /$_$/i) {
          # match found
          # set DKSIGN variable to private key to sign with
          # set DKQUEUE to original qmail-queue to spawn
          # set $qmailqueue to qmail-dk so qmail-scanner calls it to sign keys
          $qmailqueue  = '/var/qmail/bin/qmail-dk';
          &minidebug("Signing message from $returnpath with a DomainKey");
        }
      }
      close(RCPTHOSTS);
      # existing qmail-scanner code continues from here
      &debug("q_r: fork off child into $qmailqueue...");
    Send a message to yourself and check the qmail-queue.log:

    tail /var/spool/qmailscan/qmail-queue.log
    Signing message from blah@blah.com with DomainKey

    If you view the message source in Thunderbird you should see the DomainKey record:

    Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
      s=default; d=blah.com;
      b=vHk1tQnQBvdfgdfgsfdS/FmrDgfdgbF/oaMhJpde1SsOGbiFKbqIjsYYxfm4KSP86b  ;
    You can also verify your DNS records using

  2. HolmesSPH

    HolmesSPH

    this post was written in 2005, so I am not sure if it's entirely correct for my system... BUT..

    I am curious, I thought plesk was already using qmail, as it turns out, it's not even on my system.

    Also, I read a post "qmail vs sendmail" and then I thought... HMMM... IF I change over to qmail in order to get domainKeys working, does that mean I have to start using "qmail()" in my code instead of "sendMail()"????

    I am lost I guess to put it bluntly, but either way I HAVE to have a domainKeys solution.. My site sends out thousands of emails a day, and it's hard when Yahoo is always rejecting confirmation numbers and ****
  3. hesham55

    hesham55

    Everything is OK except this error:

    Sat, 28 Apr 2007 18:03:01 EEST:32322: error_condition: X-Qmail-Scanner-2.01st: Requeuing: Unmatched [ in regex; marked by <-- HERE in m/^[ <-- HERE ]$/ at /var/qmail/bin/qmail-scanner-queue.pl line 1746, <RCPTHOSTS> line 1.

    can you help me?
  4. georanger

    georanger

    I've followed this and also have the same error message as hesham55, can anyone help?
  5. bluewrath

    bluewrath

    Same error here :(

    We'd appreciate some help here ;)
  6. ajack

    ajack

    Same problem with DomainKeys / Plesk / Qmail / Qmail-Scanner

    Just tried with the most up-to-date version of the different files and I am having the exact same problem (from the qmail log file):

    Looking at the code, it's the line after 'chomp':

    I thought that maybe the problem is in the variables, so I enclosed them in \Q...\E but it does seem to help:

    Any suggestions?

  7. dash

    dash Regular Pleskian Staff Member
Sep 26, 2007

    oh! at last! DomainKey support will be available in Plesk Unix 8.4 :)

    BTW, gentlemen,

    What are you interested in, in the first place:
    signing of outgoing mail or incoming mail checking?
    As for me, I do not think that incoming mail checking with DomainKey is an effective antispam solution right now.
  8. atomicturtle

    atomicturtle Golden Pleskian

    Nov 20, 2002
    Washington, DC
    Domain Keys have been supported by spamassassin since I think 2002. Odds are you've been checking for them all along.
  9. crnunez

    crnunez Regular Pleskian

    May 24, 2006
    DomainKey in Plesk 8.4

    This is excellent news. I really need to implement domainkeys for all my domains on all my servers...
  10. ajack

    ajack

    Possibly, but what I am looking for is signing my outgoing mail... Do you know if there is a way to do that with qmail-scanner? That older post is evidently not accurate...

    Thanks in advance for any help

  11. exi1ed0ne

    exi1ed0ne

  12. gshelton

    gshelton

    Does anyone have any insight as to when the 8.4 Nix release is to happen? I am tired of my customers' emails not making it to their inbox.
  13. josesan311

    josesan311

    [root@localhost qmail-1.03]# less /var/qmail/bin/qmail-scanner-queue.pl
    /var/qmail/bin/qmail-scanner-queue.pl: No such file or directory

    Does anyone know where qmail-scanner-queue.pl is in 8.0.1? I'm unable to find it.

    Thank you.
  14. exi1ed0ne

    exi1ed0ne

  15. josesan311

    josesan311

    Hello, thank you for your fast response. I have enabled the atomic repo and I have successfully installed qmail-scanner. Now, I'm having the same problem as ajack.
    I'm getting:

    Apr 29 08:12:08 localhost X-Qmail-Scanner-2.02st: [localhost.localdomain120948192879124300] Requeuing: Unmatched [ in regex; marked by <-- HERE in m/^[ <-- HERE ]$/ at /var/qmail/bin/qmail-scanner-queue.pl line 1778, <RCPTHOSTS> line 1.
    Apr 29 08:12:08 localhost qmail: 1209481928.387371 warning: trouble injecting bounce message, will try later

    And I believe it is due to this portion of the regex code:

    # check rcpthosts file for relaying domains
    open(RCPTHOSTS, "</var/qmail/control/rcpthosts");
    while (<RCPTHOSTS>) {
    if (/^$domain_returnpath$/i || $domain_returnpath =~ /$_$/i) {

    Can someone please advise?

    Thank you very much
  16. exi1ed0ne

    exi1ed0ne

    Modify /etc/qmail-scanner.ini to your liking and run as root qmail-scanner-reconfigure and see if that clears it up. You will also need to remove the Plesk spamassassin and Dr Web antivirus modules for it to work correctly.
  17. josesan311

    josesan311

    exi1ed0ne, thank you again.

    I checked the file /etc/qmail-scanner.ini but I do not know what changes I need to make there.
    My clients use spamassassin, as do I. Is there no way to set up Yahoo DomainKeys with spamassassin?

    Thank you in advance.
  18. exi1ed0ne

    exi1ed0ne

    Search the forums at atomicrocketturtle.com for the options in qmail-scanner.ini

    Qmail scanner doesn't work with Plesk's version of spamassassin. You will need to go to the "mainstream" version of spamassassin and clamav. That's just the way it goes unfortunately. However you will get a more modern and capable version of spamassassin, even if there is no whizbang GUI for it.
  19. ClaudiuR

    ClaudiuR

    I think the correct approach to the problem is this:
    if (/^\$domain_returnpath$/i || $domain_returnpath =~ /$_$/i) {

    At least this one worked for me.
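
Added example (not part of any post in this thread, and not qmail-scanner's own code): the error quoted above shows the pattern `^[]$`, meaning `$domain_returnpath` held `[]` and was compiled as regex source. The sketch below contrasts that interpolated test with a literal comparison against rcpthosts entries; the function names and sample domains are constructed for illustration, and the leading-dot entry follows qmail's rcpthosts wildcard convention.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the lines of /var/qmail/control/rcpthosts.
my @rcpthosts = ("example.com\n", ".example.org\n", "\n");

# The thread's test: both strings are compiled as regex source.
# Returns 1 or 0, or the compile error text if the pattern is invalid.
sub fragile_match {
    my ($domain, $entry) = @_;
    my $hit = eval {
        ($entry =~ /^$domain$/i || $domain =~ /$entry$/i) ? 1 : 0;
    };
    return $hit if defined $hit;
    (my $err = $@) =~ s/ at \S+ line \d+.*//s;   # drop file/line suffix
    return "error: $err";
}

# Literal comparison: no character of either string is regex syntax.
# (Hypothetical helper name; not part of qmail-scanner.)
sub is_local_domain {
    my ($domain, @lines) = @_;
    $domain = lc($domain // '');
    return 0 if $domain eq '';
    for my $line (@lines) {
        (my $entry = lc $line) =~ s/\s+//g;      # chomp plus stray blanks
        next if $entry eq '';
        if (substr($entry, 0, 1) eq '.') {       # ".example.org": subdomains
            return 1 if $domain =~ /\Q$entry\E\z/;
        } else {
            return 1 if $domain eq $entry;       # exact host name
        }
    }
    return 0;
}

# Compare both tests on constructed sender domains, including the "[]" case.
for my $d ('example.com', 'mail.example.org', 'notexample.com', '[]') {
    printf "%-17s fragile=%s  literal=%d\n",
        $d, fragile_match($d, 'example.com'), is_local_domain($d, @rcpthosts);
}
```

In the fragment from the first post, the equivalent change is to chomp each rcpthosts line and compare it with `eq` (or `\Q...\E`) instead of building the pattern from `$domain_returnpath`. Writing `\$domain_returnpath` removes the variable from the pattern, so that branch then compares against the literal text rather than the sender domain.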

  20. ShibashishS

    ShibashishS


    Doesn't work for me... I get the following error... any clues...

    @400000004a9e787207f36c5c Global symbol "$domain_returnpath" requires explicit package name at /var/qmail/bin/qmail-scanner-queue.pl line 1454.
    @400000004a9e787207f3742c BEGIN not safe after errors--compilation aborted at /var/qmail/bin/qmail-scanner-queue.pl line 2000.

    qmail scanner Version: 2.05
    qmail 1.05