ref: ec82a9420ae3520be5449f35f7c6a789f0455c26
dir: /dkim.ms/
upas/dkim can help sign outgoing email.
The filter(1) man page states:
.P1
upas/dkim [ -d domain ] [ -s selector ]
Dkim Takes a mail message as standard input, and signs a
selection of headers and the body of the message. The -d
flag specifies the domain, and the -s flag specifies the
selector. If the selector is not specified, it defaults to
dkim. The keyspec searched for the signing key is:
proto=rsa service=dkim role=sign hash=sha256 domain=$domain
.P2
First, we create the dkim key, then load it into factotum:
.P1
; ramfs -p
; cd /tmp
; auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=example.com owner=*' > dkim.key
; cat dkim.key > /mnt/factotum/ctl
.P2
Next we generate the public key in ASN.1 notation:
.P1
pubkey=`{
auth/rsa2asn1 -f spki < dkim.key | \
auth/pemencode DKIMKEY | \
grep -v 'DKIMKEY' | \
ssam 'x/\n/d'
}
.P2
Next, we add the DNS records to /lib/ndb/local:
.P1
domain=example.com
ipaddr=198.51.100.2
echo 'dom=dkim._domainkey.'$domain' soa=
ip='$ipaddr'
refresh=300 ttl=300
ns=ns1.'$domain'
txt="k=rsa; t=s; p='$pubkey" \
>> /lib/ndb/local
.P2
Replace example.com with your actual domain, and replace 198.51.100.2 with your actual IP address.
Next, in line 4 of /mail/lib/qmail, replace upas/vf with a call to upas/dkim:
.P1
ssam '4s_upas/vf_upas/dkim -d example.com_' /mail/lib/qmail
.P2
Note that emails must be properly RFC formatted in order for dkim signing to be valid.
This guide was written thanks to ori@eigenstate.org's instructions (https://inbox.vuxu.org/9front/C4455EEBFA462747FC56BA7BB611E5F6@eigenstate.org)