On 2019/09/16 20:42, Mikolaj Kucharski wrote: > Hi, > > On Thu, Sep 12, 2019 at 09:08:31AM +0200, Martijn van Duren wrote: > > Ping > > > > Doesn't anyone want to replace dkimproxy with something that integrates > > a little better?
that's not a good incentive, i never used dkimproxy :) (amavisd used to do that for me, but I switched to rspamd's signing a couple of years ago and haven't had any interest in looking for alternatives yet). > I used this port and it worked for me. Initially I could not get > DKIM pass with GMail, but with -c relaxed/relaxed Google is now > happy. it's probably worth figuring out what's going on without that setting, but generally relaxed/relaxed is recommended anyway https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/ https://wordtothewise.com/2018/07/minimal-dmarc/ > I also ran filter-dkimsign as _smtpd user and not as the one from below > patch named _dkimsign. I didn't see that last attached version of the > port referenced that user. My only feedback would be small smtpd.conf > snippet inside the package to show how to integrate this filter with > smtpd. > > > On 9/5/19 3:22 PM, Martijn van Duren wrote: > > > On 8/24/19 6:37 AM, Martijn van Duren wrote: > > >> $ cat pkg/DESCR > > >> filter-dkim is an opensmtpd filter that signs email with a dkim > > >> signature. > > >> $ > > >> > > >> Since I'm not too familiar with ports I would like to pay special > > >> attention to the Makefile of both the port as well as the source. like libopensmtpd, it needs MAKE_FLAGS= CC="${CC}". WANTLIB needs updating: opensmtpd-filter-dkimsign-0.1(mail/opensmtpd-filters/dkimsign): Missing: crypto.45 (/usr/local/libexec/smtpd/filter-dkimsign) (system lib) Extra: pthread.26 WANTLIB += crypto *** Error 1 in target 'port-lib-depends-check' (ignored) > > >> Also, I currently host the release tarballs at my personal server, which > > >> I also use for generic other stuff and might not always be available. > > >> If someone from the ports team has a more stable location to host the > > >> release tarballs let me know. I think that's all that anyone else doing ports distfile hosting has .. > > >> Furthermore smtpd.conf allows for filters to be run as another user > > >> (currently undocumented). I know we're tight for uids, but can we > > >> reserve one for this port, so we can protect the dkim signing key from > > >> the smtpd users? Or could it be possible to share a uid with another > > >> port with similar purpose? E.g. dkimproxy? > > >> > > >> martijn@ > > >> > > >> > > > I renamed the package to opensmtpd-filter-dkimsign. This to allow for a > > > future dkimverify. Moved port to mail/opensmtpd-filters/dkimsign. > > > > > > Apart from reserving a user, same questions as above remain. > > Not sure, which one is the "same questions as above", but if it is about > the below user I think this is good idea. > > > > > Index: user.list > > > =================================================================== > > > RCS file: /cvs/ports/infrastructure/db/user.list,v > > > retrieving revision 1.351 > > > diff -u -p -r1.351 user.list > > > --- user.list 25 Aug 2019 12:06:28 -0000 1.351 > > > +++ user.list 5 Sep 2019 13:21:08 -0000 > > > @@ -350,3 +350,4 @@ id user group port options > > > 839 _exabgp _exabgp net/exabgp > > > 840 _dma _dma mail/dma > > > 841 _rt _rt www/rt > > > +842 _dkimsign _dkimsign mail/opensmtpd-filters/dkimsign > > > > > > > -- > Regards, > Mikolaj >
