On Sun, Apr 17, 2016 at 10:57:56AM -0500, Edgar Pettijohn wrote:
> 
> 
> On 04/17/16 10:20, Ryan Kavanagh wrote:
> >Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> >>Is anyone using this filter?
> >Yes, I got it running yesterday using OpenBSD 5.9's opensmtpd-extras package.
> >
> >>smtpd.conf
> >>
> >>filter filter-dkim-signer dkim-signer "-D mydomain -p /etc/mail/private.key -s selector1"
> >Part of the problem is the spaces here. At least, when I tried with a space
> >before the argument for "-p", I got a file not found error. I also ended up
> >having to wrap each individual argument in quotes, though I'm not sure if this
> >was necessary. Here's what I have in my smtpd.conf:
> >
> >     filter filter-dkim-signer dkim-signer "-Dryanak.ca" "-p/var/db/dkim/_may2014.ryanak.ca.key" "-smay2014"
> >     filter all chain filter-dkim-signer
> >
> >     ...
> >
> >     listen on lo0 filter all
> >     listen on vio0 filter all secure pki ryanak.ca
> >     listen on vio0 port submission filter all tls-require pki ryanak.ca auth <authdb>
> >
> >     ...
> >
> >     accept from local for any relay
> >
> >In retrospect, I probably shouldn't have the filter applied on the second
> >"listen on" line, because this causes incoming mail to also be DKIM signed.
> >
> >Hope this helps,
> >Ryan
> >
> Have you verified that it is signing your outgoing mail properly?  I have a
> patch to fix your quoting problem,

oh... wrote a patch, then saw your mail with the very similar diff
attached... note to myself: read whole thread first :(

> but I wasn't going to submit till I had
> it working 100%.  I think my problem may be my dns record.  Trying to get it
> fixed now, but domain.com is unusually slow to act today.
> 
> this is a fuller description of my smtpd.conf which may be wrong too, but I
> think it's right.
> 
> filter filter-dkim-signer dkim-signer "etc, etc,"
> 
> listen on lo0 port 2525 filter filter-dkim-signer tag DKIM_OUT
> 
> accept tagged DKIM_OUT for any relay
> accept tagged AUTH_GOOD for any relay via smtp://127.0.0.1:2525
> 
> this patch seems to work for me, but like I said I haven't been able to
> confirm until my dns updates.
> 
> diff --git a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c 
> b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
> index 8e6a9a1..e2751ab 100644
> --- a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
> +++ b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
> @@ -268,7 +268,10 @@ int
>  main(int argc, char **argv)
>  {
>       int              ch, d = 0, v = 0;
> +     const char      *D = NULL;
>       const char      *p = NULL;
> +     const char      *pkey = NULL;
> +     const char      *s = NULL;
>       FILE            *fp;
>       static char      hostname[SMTPD_MAXHOSTNAMELEN];
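
Review bot: the new locals `D`, `pkey` and `s` declared at the top of main() only stage values that are copied into `domain`, the fopen() path and `selector` further down, so `p` and `pkey` end up naming the same key path, and `D` sits next to the existing `d` flag where it is easy to misread. Consider keeping one variable per option, or giving the new ones descriptive names.
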
> @@ -277,7 +280,7 @@ main(int argc, char **argv)
>       while ((ch = getopt(argc, argv, "D:dp:s:v")) != -1) {
>               switch (ch) {
>               case 'D':
> -                     domain = optarg;
> +                     D = optarg;
>                       break;
>               case 'd':
>                       d = 1;
> @@ -286,7 +289,7 @@ main(int argc, char **argv)
>                       p = optarg;
>                       break;
>               case 's':
> -                     selector = optarg;
> +                     s = optarg;
>                       break;
>               case 'v':
>                       v |= TRACE_DEBUG;
> @@ -301,17 +304,31 @@ main(int argc, char **argv)
>       argc -= optind;
>       argv += optind;
> -     if (domain == NULL) {
> +     if (D) {
> +             domain = D;
> +     }
> +
> +     else {
>               if (gethostname(hostname, sizeof(hostname)) == -1)
>                       fatal("main: gethostname");
>               domain = hostname;
>       }
> -     if (selector == NULL)
> +     if (s) {
> +             selector = s;
> +     }
> +
> +     else {
>               selector = DEF_SELECTOR;
> +     }
> +
> +     if (p) {
> +             pkey = p;
> +     }
> -     if (p == NULL)
> -             p = PRIVATE_KEY;
> +     else {
> +             pkey = PRIVATE_KEY;
> +     }
>       log_init(d);
>       log_verbose(v);
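
Review bot: in the `-p` handling at the end of this hunk, `if (p) pkey = p; else pkey = PRIVATE_KEY;` selects the same path that the removed `if (p == NULL) p = PRIVATE_KEY;` did, so the value passed to fopen() is unchanged for any given command line. If the file-not-found error reported earlier in the thread comes from a leading space in `optarg`, that space still reaches fopen() and would need to be skipped here. The blank line between each `}` and its `else` also makes the pairing easy to miss; `} else {` on one line would be clearer.
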
> @@ -322,7 +339,7 @@ main(int argc, char **argv)
>       OpenSSL_add_all_ciphers();
>       OpenSSL_add_all_digests();
> -     if ((fp = fopen(p, "r")) == NULL)
> +     if ((fp = fopen(pkey, "r")) == NULL)
>               fatal("main: fopen %s", p);
>       rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
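
Review bot: the `fatal("main: fopen %s", p)` call on the unchanged line after the new fopen() still prints `p`, but with this patch `p` is no longer defaulted to PRIVATE_KEY, so when `-p` is not given the message is passed a NULL pointer and never shows the path that actually failed to open. Print `pkey` instead, i.e. `fatal("main: fopen %s", pkey);`.
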
> 
> 
> 
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 
