mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-22 15:27:02 +00:00
270a071c1e
This patch adds support in the default hook for using dkimpy for DKIM signing. Unfortunately, dkimpy binaries have the same name as driusan/dkim's, so we need to use --help to disambiguate. It's not pretty but it should work, and is quite self contained. Also, for the integration tests, we still need driusan/dkim because dkimpy lacks the features needed. Specifically, dkimpy's dkimverify can't be made to use custom DNS, or override the TXT values in any way, so we can't verify that the generated signature is reasonable. Thanks to ne9z@github for suggesting this change and providing an alternative patch in https://github.com/albertito/chasquid/pull/19.
1.0 KiB
1.0 KiB
DKIM integration
chasquid supports generating DKIM signatures via the hooks mechanism.
Signing
The example hook in this repository contains an example of integration with driusan/dkim and dkimpy, and assumes the following:
- The selector for a domain
can be found in the file
domains/$DOMAIN/dkim_selector. - The private key to use for signing can be found in the file
certs/$DOMAIN/dkim_privkey.pem.
Only authenticated email will be signed.
Verification
Verifying signatures is technically supported as well, and can be done in the same hook. However, it's not recommended for SMTP servers to reject mail on verification failures (source 1, source 2), so it is not included in the example.