Monthly Archives: September 2010

Implementing DKIM with Exim

This article was updated in February 2014 to reflect changes policy and reporting options. The earlier ADSP (Author Domain Signing Practices) information has been removed.

DomainKeys Identified Mail (DKIM) provides a method to confirm the origin of an e-mail. DKIM also provides some protection against tampering. Unlike SPF, this validation applies to the contents of the message when it is signed. Like SPF, the information required for validation is added to DNS. Continue reading

Signing Return Path Addresses with Exim

I have been receiving a fair amount of Spam from an e-mail forwarder.  They are unwilling to correct their problems.  Much of the Spam they forward is the form of bounce notifications.  Attempting to reject other Spam resulted in more notifications.  To control this Spam I implemented signed return path addresses.  As a side benefit, I am also rejecting bogus notifications sent directly to me.

Signing my return path allows me to reject faked notification e-mail.  The SMTP standard requires that no email sent with a null return path “<>” (aka Envelope Sender) be returned.  Its purpose is for allow for notifications about existing messages.  These includes notifications such as address unknown, message delivered, and message read.  E-mail notification which are not about a previously sent message can be refused . Signing the return path allowed me to reject such invalid notifications. Continue reading

Cfengine 2 for Debian and Ubuntu

Cfengine is a declarative system configuration tool.  This helps apply standards to system configuration. The configuration files specify the desired configuration and the engine applies these specifications to the system.  It is useful to:

  • Distribute configuration files;
  • Install standard packages (including on Debian and Ubuntu with code provided here);
  • Cleanup old files; and
  • Ensure certain programs are/are not running.

This documentation applies to Cfengine version 2. . The latest version has made significant changes to the scripting structure, but maintains the capability to run the version 2 format files. Continue reading