On 04/17/16 10:20, Ryan Kavanagh wrote:
Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
Is anyone using this filter?
Yes, I got it running yesterday using OpenBSD 5.9's opensmtpd-extras package.
smtpd.conf
filter filter-dkim-signer dkim-signer "-D mydomain -p
/etc/mail/private.key -s selector1"
Part of the problem is the spaces here. At least, when I tried with a space
before the argument for "-p", I got a file not found error. I also ended up
having to wrap each individual argument in quotes, though I'm not sure if this
was necessary. Here's what I have in my smtpd.conf:
filter filter-dkim-signer dkim-signer "-Dryanak.ca" "-p/var/db/dkim/_may2014.ryanak.ca.key" "-smay2014"
filter all chain filter-dkim-signer
...
listen on lo0 filter all
listen on vio0 filter all secure pki ryanak.ca
listen on vio0 port submission filter all tls-require pki ryanak.ca auth <authdb>
...
accept from local for any relay
In retrospect, I probably shouldn't have the filter applied on the second
"listen on" line, because this causes incoming mail to also be DKIM signed.
Hope this helps,
Ryan
Have you verified that it is signing your outgoing mail properly? I
have a patch to fix your quoting problem, but I wasn't going to submit
till I had it working 100%. I think my problem may be my DNS record.
Trying to get it fixed now, but domain.com is unusually slow to act today.
This is a fuller description of my smtpd.conf, which may be wrong too,
but I think it's right.
filter filter-dkim-signer dkim-signer "etc, etc,"
listen on lo0 port 2525 filter filter-dkim-signer tag DKIM_OUT
accept tagged DKIM_OUT for any relay
accept tagged AUTH_GOOD for any relay via smtp://127.0.0.1:2525
This patch seems to work for me, but like I said I haven't been able to
confirm until my DNS updates.
diff --git a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
index 8e6a9a1..e2751ab 100644
--- a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
+++ b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
@@ -268,7 +268,10 @@ int
main(int argc, char **argv)
{
int ch, d = 0, v = 0;
+ const char *D = NULL;
const char *p = NULL;
+ const char *pkey = NULL;
+ const char *s = NULL;
FILE *fp;
static char hostname[SMTPD_MAXHOSTNAMELEN];
@@ -277,7 +280,7 @@ main(int argc, char **argv)
while ((ch = getopt(argc, argv, "D:dp:s:v")) != -1) {
switch (ch) {
case 'D':
- domain = optarg;
+ D = optarg;
break;
case 'd':
d = 1;
@@ -286,7 +289,7 @@ main(int argc, char **argv)
p = optarg;
break;
case 's':
- selector = optarg;
+ s = optarg;
break;
case 'v':
v |= TRACE_DEBUG;
@@ -301,17 +304,31 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
- if (domain == NULL) {
+ if (D) {
+ domain = D;
+ }
+
+ else {
if (gethostname(hostname, sizeof(hostname)) == -1)
fatal("main: gethostname");
domain = hostname;
}
- if (selector == NULL)
+ if (s) {
+ selector = s;
+ }
+
+ else {
selector = DEF_SELECTOR;
+ }
+
+ if (p) {
+ pkey = p;
+ }
- if (p == NULL)
- p = PRIVATE_KEY;
+ else {
+ pkey = PRIVATE_KEY;
+ }
log_init(d);
log_verbose(v);
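Review bot: Nothing in the D, s and p blocks of this hunk trims or otherwise changes optarg, so a key path that arrives with a leading space is still assigned to pkey with that space and will still fail to open. If that is the quoting problem being addressed, skip leading whitespace in optarg before assigning domain, selector and pkey. As written, the three blocks select the same values as the NULL checks they replace, and the "}", blank line, "else {" layout would read better as "} else {".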
@@ -322,7 +339,7 @@ main(int argc, char **argv)
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
- if ((fp = fopen(p, "r")) == NULL)
+ if ((fp = fopen(pkey, "r")) == NULL)
fatal("main: fopen %s", p);
rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
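Review bot: The fatal() call directly after the changed fopen() still passes p, which is NULL whenever -p was not given and pkey fell back to PRIVATE_KEY, so the error path formats a NULL pointer with %s and never names the file that failed to open. Pass pkey to fatal() so the message matches the fopen() argument.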