mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-18 14:47:03 +00:00
4ecc5461d3
This patch adds DKIM signing using https://github.com/driusan/dkim tools to the example hook. It also adds an optional integration test to exercise signing and verification, and corresponding documentation.
34 lines
1.0 KiB
Markdown
34 lines
1.0 KiB
Markdown
|
|
# DKIM integration
|
|
|
|
[chasquid] supports generating [DKIM] signatures via the [hooks](hooks.md)
|
|
mechanism.
|
|
|
|
|
|
## Signing
|
|
|
|
The example hook in this repository contains an example of integration with
|
|
[driusan/dkim](https://github.com/driusan/dkim) tools, and assumes the
|
|
following:
|
|
|
|
- The [selector](https://tools.ietf.org/html/rfc6376#section-3.1) for a domain
|
|
can be found in the file `domains/$DOMAIN/dkim_selector`.
|
|
- The private key to use for signing can be found in the file
|
|
`certs/$DOMAIN/dkim_privkey.pem`.
|
|
|
|
Only authenticated email will be signed.
|
|
|
|
|
|
## Verification
|
|
|
|
Verifying signatures is technically supported as well, and can be done in the
|
|
same hook. However, it's not recommended for SMTP servers to reject mail on
|
|
verification failures
|
|
([source 1](https://tools.ietf.org/html/rfc6376#section-6.3),
|
|
[source 2](https://tools.ietf.org/html/rfc7601#section-2.7.1)), so it is not
|
|
included in the example.
|
|
|
|
|
|
[chasquid]: https://blitiri.com.ar/p/chasquid
|
|
[DKIM]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
|