Re: Multi-domain DKIM signature with OpenSMTPd

Wed, 18 Mar 2020 12:42:27 -0700 

Le 18/03/2020 à 19:39, Hiltjo Posthuma a écrit :

On Wed, Mar 18, 2020 at 06:23:30PM +0100, Matthieu wrote:

Hi everybody
I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it before ?
My first intention is to sign mails from different domains on a single mail
server. So the

OpenDKIM works with a socket and I don't know how and if it works with the
smptd filter.
I've seen the «opensmptd-filter-dkimsign» packet, but we can only specify
one domaine.

Otherwise I'd be looking at the side of dkimproxy if it can do the job or
not.

Thx for any help.



Hi,

Theres an example described in the smtpd.conf(5) man page.

opensmtpd filters are in ports as a package: opensmtpd-filter-dkimsign

The source-code is at: https://imperialat.at/dev/filter-dkimsign/ in main.c
It's relatively small and also privilege-separated.

It has a parameter to set the domain name (-d). In smtpd.conf you can define
multiple filters. See also the man page filter-dkimsign(8) for detailed
information.

I've replaced dkimproxy (Perl-based and complex) with
opensmtpd-filter-dkimsign. It works well for my needs.



Hi Hiltjo,
Currently I already use opensmtpd-filter-dkimsign, but I didn't understand how to use it for multiple domains at once. 

I've seen the example in the man page :
https://man.openbsd.org/smtpd.conf#opensmtpd-filter-dkimsign
I thought <domain> was to be replaced by only one domain to sign. Is a domain a table like Alias? If so, what is the format of the file? But I doubt it since in the filter code it doesn't look like a list. 

static char *domain = NULL;
[…]
box 'd':
    domain = optarg;
[…]
if (!dkim_signature_printf(message,
            "DKIM-Signature: v=%s; a=%s-%s; c=%s/%s; d=%s; s=%s; ", "1",
            cryptalg, hashalg,
            canonheader == CANON_SIMPLE ? "simple": "relaxed."
            canonbody == CANON_SIMPLE ? "simple": "relaxed."
            domain, selector))
Finally in the example given in this presentation it is indeed a single domain: https://fosdem.org/2020/schedule/event/opensmtpd_in_the_cloud/attachments/slides/3736/export/events/attachments/opensmtpd_in_the_cloud/slides/3736/OpenSMTPD_Slides.pdf 

Besides, I can't find the man page you're talking about:
https://man.openbsd.org/filter-dkimsign
Finally, I understand how to write multiple filters, but not how to modify the "listen" directive to choose the right filter.

Reply via email to