mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-16 14:27:01 +00:00
go-chasquid-smtp/docs/dkim.md
Alberto Bertogli d53c1d2b88 docs: Add DKIM setup instructions
This patch adds some basic instructions to the documentation on how to
set up DKIM, using the tools supported by the example hook.

It's not meant to be a full DKIM how-to, but to help someone who already
knows enough, or who is complementing it with a more general purpose
DKIM guide.
2021-07-25 14:59:37 +01:00

DKIM integration

chasquid supports generating DKIM signatures via the hooks mechanism.

Signing

The example hook includes integration with driusan/dkim and dkimpy, and assumes the following:

  • The selector for a domain can be found in the file domains/$DOMAIN/dkim_selector.
  • The private key to use for signing can be found in the file certs/$DOMAIN/dkim_privkey.pem.

Only authenticated email will be signed.

Setup with driusan/dkim

  1. Install the driusan/dkim tools with something like the following (adjust to your local environment):

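    # Build and install each tool. "go install pkg@latest" needs Go 1.16+;
    # "go get" no longer installs binaries in current Go releases.
    for i in dkimsign dkimverify dkimkeygen; do
        go install github.com/driusan/dkim/cmd/$i@latest
    done
    # Binaries land in ~/go/bin with the default GOPATH; brace expansion needs bash.
    sudo cp ~/go/bin/{dkimsign,dkimverify,dkimkeygen} /usr/local/bin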
    
  2. Generate the domain key for your domain using dkimkeygen.

  3. Publish the DNS record from dns.txt (guide).

  4. Write the selector you chose to domains/$DOMAIN/dkim_selector.

  5. Copy private.pem to /etc/chasquid/certs/$DOMAIN/dkim_privkey.pem.

  6. Verify the setup using one of the publicly available tools, like mail-tester.

Setup with dkimpy

  1. Install dkimpy with apt install python3-dkim or the equivalent for your environment.
  2. Generate the domain key for your domain using dknewkey dkim.
  3. Publish the DNS record from dkim.dns (guide).
  4. Write the selector you chose to domains/$DOMAIN/dkim_selector.
  5. Copy dkim.key to /etc/chasquid/certs/$DOMAIN/dkim_privkey.pem.
  6. Verify the setup using one of the publicly available tools, like mail-tester.
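
Both setups end with a private key in certs/$DOMAIN/dkim_privkey.pem and a public key in DNS, and a mismatch between the two makes every signature fail at the receiver. The Go program below is an added example (not part of chasquid or of the original page) that checks the pair locally; CheckRecord and Sample are hypothetical names, and it assumes an RSA key and a TXT value passed in as a string.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"strings"
)

// CheckRecord returns nil only if the p= tag of the DKIM TXT value txt is the public half of privPEM.
func CheckRecord(privPEM []byte, txt string) error {
	var priv *rsa.PrivateKey
	if blk, _ := pem.Decode(privPEM); blk != nil {
		priv, _ = x509.ParsePKCS1PrivateKey(blk.Bytes) // PEM type "RSA PRIVATE KEY"
		if k8, err := x509.ParsePKCS8PrivateKey(blk.Bytes); err == nil {
			priv, _ = k8.(*rsa.PrivateKey) // PEM type "PRIVATE KEY"
		}
	}
	if priv == nil {
		return fmt.Errorf("private key is not RSA in PKCS#1 or PKCS#8 PEM")
	}
	p := "" // tags are "name=value" split by ";"; quotes come from the chunked form DNS tools print
	for _, tag := range strings.Split(strings.ReplaceAll(txt, `"`, ""), ";") {
		if k, v, ok := strings.Cut(tag, "="); ok && strings.TrimSpace(k) == "p" {
			p = strings.Join(strings.Fields(v), "") // drop whitespace inside the base64
		}
	}
	der, err := base64.StdEncoding.DecodeString(p)
	if p == "" || err != nil {
		return fmt.Errorf("p= is empty (revoked or missing key) or not base64")
	}
	if pub, err := x509.ParsePKIXPublicKey(der); err != nil || !priv.PublicKey.Equal(pub) {
		return fmt.Errorf("p= is not the public half of this private key")
	}
	return nil
}

func Sample() ([]byte, string) { // constructed throwaway key and its matching record (demo only)
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	blk := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
	return pem.EncodeToMemory(blk), "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
}

func main() {
	fmt.Println("matching record:", CheckRecord(Sample()))
}
```

In real use, pass the contents of /etc/chasquid/certs/$DOMAIN/dkim_privkey.pem and the TXT value published at $SELECTOR._domainkey.$DOMAIN instead of the output of Sample.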

Verification

Verifying signatures is technically supported as well, and can be done in the same hook. However, it's not recommended for SMTP servers to reject mail on verification failures (source 1, source 2), so it is not included in the example.