On Fri, 24 Jul 2020 at 03:00, Sam Vaughan <samjvaug...@gmail.com> wrote:
> > On 24 Jul 2020, at 7:52 am, William Carson <opensm...@dsllsn.net> wrote: > > > >> On Jul 22, 2020, at 9:43 PM, Sam Vaughan <samjvaug...@gmail.com> wrote: > >> > >> <snip> > >> > >> I see that everything’s good on OpenBSD thanks to Martijn’s dkim > filter, but there's no port of it on FreeBSD and my initial efforts to > create one showed that it’s not a job for a first-time porter. So I now > don’t know whether to try looking into milter support for OpenDKIM, or > revert back to dkimproxy, or maybe even compile and run an old OpenSMTPd > version like the 6.1 port which works flawlessly on FreeBSD 11.3. > > > > I use mail/dkimproxy on FreeBSD and it works great. I followed the > config template on > https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/ and > it was very simple and straightforward. > > Thanks William, you’re quite right. I dusted off my old notes for setting > up dkimproxy and it still works just fine with OpenSMTPd 6.7.1p1 on FreeBSD > 12.1. The updated syntax in that link was helpful thank you. > > Of course it still means running a pool of separate proxy processes just > for DKIM signing which is a step backwards from having a dedicated filter, > but it’s a much leaner alternative to using rspamd, and in my experience > much more reliable too. > > When I get some time I’ll have another look at trying to port Martijn’s > filter from OpenBSD. > With the help of Martijn I managed to port filter-dkimsign for Arch Linux. To Martijns credit, it was very little effort. It basically meant writing a Makefile and disabling `pledge` since Linux doesn't have it. I still need to do more testing, but I'm already much happier without rspamd or other external daemons doing the signing :-) The result is available on the AUR [1]. This doesn't directly help for FreeBSD of course, but it may be useful to look at. For now I compiled libopensmtpd (including openbsd-compat) and filter-dkimsign into a single executable for simplicity, but I will probably split that back into a separate library if/when I port other filters too. [1] https://aur.archlinux.org/packages/opensmtpd-filter-dkimsign -- Maarten
