mirror of
https://blitiri.com.ar/repos/chasquid
synced 2026-01-23 20:05:55 +00:00
This patch adds support in the default hook for using dkimpy for DKIM signing. Unfortunately, dkimpy binaries have the same name as driusan/dkim's, so we need to use --help to disambiguate. It's not pretty but it should work, and is quite self contained. Also, for the integration tests, we still need driusan/dkim because dkimpy lacks the features needed. Specifically, dkimpy's dkimverify can't be made to use custom DNS, or override the TXT values in any way, so we can't verify that the generated signature is reasonable. Thanks to ne9z@github for suggesting this change and providing an alternative patch in https://github.com/albertito/chasquid/pull/19.
34 lines
1.0 KiB
Markdown
# DKIM integration

[chasquid] supports generating [DKIM] signatures via the [hooks](hooks.md)
mechanism.

## Signing

The example hook in this repository contains an example of integration with
[driusan/dkim](https://github.com/driusan/dkim) and
[dkimpy](https://launchpad.net/dkimpy/), and assumes the following:

- The [selector](https://tools.ietf.org/html/rfc6376#section-3.1) for a domain
  can be found in the file `domains/$DOMAIN/dkim_selector`.
- The private key to use for signing can be found in the file
  `certs/$DOMAIN/dkim_privkey.pem`.

Only authenticated email will be signed.

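The following is an added example, not the hook shipped in the repository: a shell function that applies the assumptions listed above (file layout, authenticated mail only) and adds two checks of its own, rejecting sender domains that are not plain hostnames before they are used as a path component, and refusing a private key readable by "other". The function name, its two-argument interface, and the `$AUTH_AS` / `$MAIL_FROM` variables in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not chasquid's own hook. Decides whether a message should be
# DKIM-signed under the layout described above, and prints the arguments
# "selector domain keyfile" on success (non-zero exit status otherwise).
#
# Hypothetical interface: $1 = authenticated user (empty if the session was
# not authenticated), $2 = envelope sender address.
# Paths are relative to the current directory, as in the list above.
dkim_sign_args() {
	auth_as="$1"
	mail_from="$2"

	# Only authenticated email is signed.
	[ -n "$auth_as" ] || return 1

	# Domain part of the sender, lowercased.
	case "$mail_from" in
		*@*) domain=$(printf '%s' "${mail_from##*@}" | tr 'A-Z' 'a-z') ;;
		*) return 1 ;;
	esac

	# The domain becomes a path component: accept only hostname characters,
	# so a value such as "../x" cannot escape domains/ or certs/.
	case "$domain" in
		''|.*|*..*|*[!a-z0-9.-]*) return 1 ;;
	esac

	selector_file="domains/$domain/dkim_selector"
	key_file="certs/$domain/dkim_privkey.pem"
	[ -f "$selector_file" ] && [ -f "$key_file" ] || return 1

	# Refuse a private key that is readable by "other".
	[ -z "$(find -L "$key_file" -prune -perm -004)" ] || return 1

	# First line of the selector file, with whitespace stripped.
	selector=$(head -n 1 "$selector_file" | tr -d '[:space:]')
	[ -n "$selector" ] || return 1

	printf '%s %s %s\n' "$selector" "$domain" "$key_file"
}

# Usage inside a hook, with dkimpy's positional form
# (dkimsign selector domain privatekeyfile); variable names are assumed:
#   args=$(dkim_sign_args "$AUTH_AS" "$MAIL_FROM") && dkimsign $args < msg > msg.signed
```
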
## Verification

Verifying signatures is technically supported as well, and can be done in the
same hook. However, it's not recommended for SMTP servers to reject mail on
verification failures
([source 1](https://tools.ietf.org/html/rfc6376#section-6.3),
[source 2](https://tools.ietf.org/html/rfc7601#section-2.7.1)), so it is not
included in the example.

[chasquid]: https://blitiri.com.ar/p/chasquid
[DKIM]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail