ref: 321a1da5fa1f41952a5c70654b4d072cac159021
parent: 898834721faaefab3ed0186715bbfd063fdfaebd
author: jrmu <jrmu@cloud9p.org>
date: Wed Aug 7 10:41:35 EDT 2024
Added upas/dkim guide based on ori's instructions at https://inbox.vuxu.org/9front/C4455EEBFA462747FC56BA7BB611E5F6@eigenstate.org/
--- /dev/null
+++ b/dkim.ms
@@ -1,0 +1,54 @@
+upas/dkim can help sign outgoing email.
+
+The filter(1) man page states:
+
+.P1
+ upas/dkim [ -d domain ] [ -s selector ]
+
+ Dkim Takes a mail message as standard input, and signs a
+ selection of headers and the body of the message. The -d
+ flag specifies the domain, and the -s flag specifies the
+ selector. If the selector is not specified, it defaults to
+ dkim. The keyspec searched for the signing key is:
+
+ proto=rsa service=dkim role=sign hash=sha256 domain=$domain
+.P2
+
+First, we create the dkim key, then load it into factotum:
+
+.P1
+; ramfs -p
+; cd /tmp
+; auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=example.com owner=*' > dkim.key
+; cat dkim.key > /mnt/factotum/ctl
+.P2
+
+Next we generate the public key in ASN.1 notation:
+
+.P1
+pubkey=`{
+ auth/rsa2asn1 -f spki < dkim.key | \
+ auth/pemencode DKIMKEY | \
+ grep -v 'DKIMKEY' | \
+ ssam 'x/\n/d'
+ }
+.P2
+
+Next, we add the DNS records to /lib/ndb/local:
+
+.P1
+domain=example.com
+echo 'dom=dkim._domainkey.'$domain' soa=
+ ip=144.202.1.203
+ refresh=300 ttl=300
+ ns=ns1.example.com
+ txt="k=rsa; t=s; p='$pubkey" \
+ >> /lib/ndb/local
+.P2
+
+Next, in line 4 of /mail/lib/qmail, replace upas/vf with a call to upas/dkim:
+
+.P1
+ssam '4s_upas/vf_upas/dkim -d example.com_' /mail/lib/qmail
+.P2
+
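Review bot: The last step, ssam '4s_upas/vf_upas/dkim -d example.com_' /mail/lib/qmail, does not modify /mail/lib/qmail as written, because ssam prints the edited text on standard output and the command has no redirection. Send the output to a temporary file and copy it over /mail/lib/qmail, or tell the reader to edit line 4 by hand. The key-generation block also leaves no persistent copy of the signing key: dkim.key exists only in the private ramfs mounted on /tmp, and factotum holds keys in memory, so the guide should say where to store the key (secstore, for example) so that signing still works after a reboot. In the ndb record, ip=144.202.1.203 reads like a real host address left in beside the example.com placeholders; a documentation address such as 192.0.2.1 would be safer to copy.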