The mail/opensmtpd-filters/dkimsign port
opensmtpd-filter-dkimsign-0.5p2 – dkim signer integration to the OpenSMTPD daemon (cvsweb github mirror)
Description
filter-dkim is an opensmtpd filter that signs email with a dkim signature.WWW: http://imperialat.at/dev/filter-dkimsign
Readme
+----------------------------------------------------------------------- | Running ${PKGSTEM} on OpenBSD +----------------------------------------------------------------------- To use filter-dkimsign, you must first generate a private key: doas -u _dkimsign openssl genrsa -out ${SYSCONFDIR}/mail/dkim/private.rsa.key 2048 To generate the public key ready for dns: openssl rsa -in ${SYSCONFDIR}/mail/dkim/private.rsa.key -pubout | \ sed '1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\n//g;b nl;' This value needs to be placed in a DNS txt record with the following syntax:._domainkey. Edit the /etc/mail/smtpd.conf file to declare the filter: filter dkimsign_rsa proc-exec "filter-dkimsign -d -s -k ${SYSCONFDIR}/mail/dkim/private.rsa.key" user _dkimsign group _dkimsign Then add the filter to each listener that should be signed: listen on all filter dkimsign_rsa To use Ed25519 similar steps must be taken. To generate the private key: doas -u _dkimsign openssl genpkey -algorithm ed25519 -outform PEM -out ${SYSCONFDIR}/mail/dkim/private.ed25519.key To generate the public key ready for dns: printf "v=DKIM1;k=ed25519;p=%s\n" "$(doas -u _dkimsign openssl pkey -outform DER -pubout -in ${SYSCONFDIR}/mail/dkim/private.ed25519.key | tail -c +13 | openssl base64)" Edit the /etc/mail/smtpd.conf file to declare the filter: filter dkimsign_ed25519 proc-exec "filter-dkimsign -a ed25519-sha256 -d -s -k ${SYSCONFDIR}/mail/dkim/private.ed25519.key" user _dkimsign group _dkimsign To add both filters to each listener that should be signed: filter dkimsign chain { dkimsign_rsa, dkimsign_ed25519 } listen on all filter dkimsign For a full list of options see filter-dkimsign(8).
Maintainer
Martijn van Duren
Categories
Library dependencies
Files
- /etc/mail/dkim/
- /usr/local/libexec/smtpd/
- /usr/local/libexec/smtpd/filter-dkimsign
- /usr/local/man/man8/filter-dkimsign.8
- /usr/local/share/doc/pkg-readmes/opensmtpd-filter-dkimsign
- @newgroup _dkimsign:843
- @newuser _dkimsign:843:843::OpenSMTP DKIM signer:/nonexistent:/sbin/nologin