ref: 872552b3dc5e0872a6382f7b1e7b02df191508ec
dir: /dkim.ms/
upas/dkim can help sign outgoing email. The filter(1) man page states: .P1 upas/dkim [ -d domain ] [ -s selector ] Dkim Takes a mail message as standard input, and signs a selection of headers and the body of the message. The -d flag specifies the domain, and the -s flag specifies the selector. If the selector is not specified, it defaults to dkim. The keyspec searched for the signing key is: proto=rsa service=dkim role=sign hash=sha256 domain=$domain .P2 First, we create the dkim key, then load it into factotum: .P1 ; ramfs -p ; cd /tmp ; auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=example.com owner=*' > dkim.key ; cat dkim.key > /mnt/factotum/ctl .P2 Next we generate the public key in ASN.1 notation: .P1 pubkey=`{ auth/rsa2asn1 -f spki < dkim.key | \ auth/pemencode DKIMKEY | \ grep -v 'DKIMKEY' | \ ssam 'x/\n/d' } .P2 Next, we add the DNS records to /lib/ndb/local: .P1 domain=example.com ipaddr=198.51.100.2 echo 'dom=dkim._domainkey.'$domain' soa= ip='$ipaddr' refresh=300 ttl=300 ns=ns1.'$domain' txt="k=rsa; t=s; p='$pubkey" \ >> /lib/ndb/local .P2 Replace example.com with your actual domain, and replace 198.51.100.2 with your actual IP address. Next, in line 4 of /mail/lib/qmail, replace upas/vf with a call to upas/dkim: .P1 ssam '4s_upas/vf_upas/dkim -d example.com_' /mail/lib/qmail .P2 Note that emails must be properly RFC formatted in order for dkim signing to be valid. This guide was written thanks to ori@eigenstate.org's instructions (https://inbox.vuxu.org/9front/C4455EEBFA462747FC56BA7BB611E5F6@eigenstate.org)