filter-dkimsign(8)

add dkim signature to messages

Section 8 opensmtpd-filter-dkimsign bookworm source

Description

FILTER-DKIMSIGN

NAME

filter-dkimsign - add dkim signature to messages

SYNOPSIS

filter-dkimsign [-tz] [-a algorithm] [-c canonicalization] [-h headers] [-x seconds] -d domain -k file -s selector

DESCRIPTION

filter-dkimsign adds a dkim signature to the message. The following flags are supported:
-a algorithm

The algorithm to use. Supported signing algorithms are rsa and ed25519 (when enabled at compile time). Only sha256 should be used for hashing, since other algorithms are most likely not supported by verifiers. Defaults to rsa-sha256.

-c canonicalization

The canonicalization algorithm used to sign the message. Defaults to simple/simple.

-d domain

The domain where the public key can be found. This option can be specified multiple times to select the best domain during signing. If specified multiple times it looks at the domain component of the first mailbox in the from-header and tries to find a match. If no exact match can be found it looks for the closest parent domain. If no matches can be the first domain specified will be used.

-h headers

The email headers which are included in the mail signature. Per RFC this option requires at least the from header to be included. The headers are specified by separating them with a colon. The default is from:reply-to:subject:date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to:references:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive.

-k file

file should point to a file containing the RSA private key to sign the messages.

-s selector

The selector within the _domainkey subdomain of domain where the public key can be found.

-t

Add the time of signing to the dkim header.

-x seconds

Add the amount of seconds the signature is valid to the dkim header.

-z

Add the mail headers used in the dkim signature to the dkim header. If a second -z is specified all headers will be included in the dkim header. Useful for debugging purposes.

SEE ALSO

smtpd(8)

STANDARDS

D. Crocker, Ed., T. Hansen, Ed., and M. Kucherawy, Ed., DomainKeys Identified Mail (DKIM) Signatures, RFC 6376, Brandenburg InternetWorking, AT&T Laboratories, and Cloudmark, September 2011.

J. Levine, A New Cryptographic Signature Method for DomainKeys Identified Mail, RFC 8463, Taughannock Networks, September 2018.

AUTHORS

Martijn van Duren <martijn@openbsd.org>

See Also