Multi-domain DKIM signature with OpenSMTPd

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Multi-domain DKIM signature with OpenSMTPd

MImoza
Hi everybody
I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it
before ?
My first intention is to sign mails from different domains on a single
mail server. So the

OpenDKIM works with a socket and I don't know how and if it works with
the smptd filter.
I've seen the «opensmptd-filter-dkimsign» packet, but we can only
specify one domaine.

Otherwise I'd be looking at the side of dkimproxy if it can do the job
or not.

Thx for any help.

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Hiltjo Posthuma
On Wed, Mar 18, 2020 at 06:23:30PM +0100, Matthieu wrote:

> Hi everybody
> I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it before ?
> My first intention is to sign mails from different domains on a single mail
> server. So the
>
> OpenDKIM works with a socket and I don't know how and if it works with the
> smptd filter.
> I've seen the «opensmptd-filter-dkimsign» packet, but we can only specify
> one domaine.
>
> Otherwise I'd be looking at the side of dkimproxy if it can do the job or
> not.
>
> Thx for any help.
>

Hi,

Theres an example described in the smtpd.conf(5) man page.

opensmtpd filters are in ports as a package: opensmtpd-filter-dkimsign

The source-code is at: https://imperialat.at/dev/filter-dkimsign/ in main.c
It's relatively small and also privilege-separated.

It has a parameter to set the domain name (-d). In smtpd.conf you can define
multiple filters. See also the man page filter-dkimsign(8) for detailed
information.

I've replaced dkimproxy (Perl-based and complex) with
opensmtpd-filter-dkimsign. It works well for my needs.

--
Kind regards,
Hiltjo

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

MImoza
Le 18/03/2020 à 19:39, Hiltjo Posthuma a écrit :

> On Wed, Mar 18, 2020 at 06:23:30PM +0100, Matthieu wrote:
>> Hi everybody
>> I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it before ?
>> My first intention is to sign mails from different domains on a single mail
>> server. So the
>>
>> OpenDKIM works with a socket and I don't know how and if it works with the
>> smptd filter.
>> I've seen the «opensmptd-filter-dkimsign» packet, but we can only specify
>> one domaine.
>>
>> Otherwise I'd be looking at the side of dkimproxy if it can do the job or
>> not.
>>
>> Thx for any help.
>>
>
> Hi,
>
> Theres an example described in the smtpd.conf(5) man page.
>
> opensmtpd filters are in ports as a package: opensmtpd-filter-dkimsign
>
> The source-code is at: https://imperialat.at/dev/filter-dkimsign/ in main.c
> It's relatively small and also privilege-separated.
>
> It has a parameter to set the domain name (-d). In smtpd.conf you can define
> multiple filters. See also the man page filter-dkimsign(8) for detailed
> information.
>
> I've replaced dkimproxy (Perl-based and complex) with
> opensmtpd-filter-dkimsign. It works well for my needs.
>

Hi Hiltjo,
Currently I already use opensmtpd-filter-dkimsign, but I didn't
understand how to use it for multiple domains at once.

I've seen the example in the man page :
https://man.openbsd.org/smtpd.conf#opensmtpd-filter-dkimsign

I thought <domain> was to be replaced by only one domain to sign. Is a
domain a table like Alias? If so, what is the format of the file? But I
doubt it since in the filter code it doesn't look like a list.

static char *domain = NULL;
[…]
box 'd':
     domain = optarg;
[…]
if (!dkim_signature_printf(message,
            "DKIM-Signature: v=%s; a=%s-%s; c=%s/%s; d=%s; s=%s; ", "1",
            cryptalg, hashalg,
            canonheader == CANON_SIMPLE ? "simple": "relaxed."
            canonbody == CANON_SIMPLE ? "simple": "relaxed."
            domain, selector))

Finally in the example given in this presentation it is indeed a single
domain:
https://fosdem.org/2020/schedule/event/opensmtpd_in_the_cloud/attachments/slides/3736/export/events/attachments/opensmtpd_in_the_cloud/slides/3736/OpenSMTPD_Slides.pdf 


Besides, I can't find the man page you're talking about:
https://man.openbsd.org/filter-dkimsign

Finally, I understand how to write multiple filters, but not how to
modify the "listen" directive to choose the right filter.




Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Martijn van Duren-6
On 3/18/20 8:41 PM, Matthieu wrote:

> Le 18/03/2020 à 19:39, Hiltjo Posthuma a écrit :
>> On Wed, Mar 18, 2020 at 06:23:30PM +0100, Matthieu wrote:
>>> Hi everybody
>>> I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it before ?
>>> My first intention is to sign mails from different domains on a single mail
>>> server. So the
>>>
>>> OpenDKIM works with a socket and I don't know how and if it works with the
>>> smptd filter.
>>> I've seen the «opensmptd-filter-dkimsign» packet, but we can only specify
>>> one domaine.
>>>
>>> Otherwise I'd be looking at the side of dkimproxy if it can do the job or
>>> not.
>>>
>>> Thx for any help.
>>>
>>
>> Hi,
>>
>> Theres an example described in the smtpd.conf(5) man page.
>>
>> opensmtpd filters are in ports as a package: opensmtpd-filter-dkimsign
>>
>> The source-code is at: https://imperialat.at/dev/filter-dkimsign/ in main.c
>> It's relatively small and also privilege-separated.
>>
>> It has a parameter to set the domain name (-d). In smtpd.conf you can define
>> multiple filters. See also the man page filter-dkimsign(8) for detailed
>> information.
>>
>> I've replaced dkimproxy (Perl-based and complex) with
>> opensmtpd-filter-dkimsign. It works well for my needs.
>>
>
> Hi Hiltjo,
> Currently I already use opensmtpd-filter-dkimsign, but I didn't
> understand how to use it for multiple domains at once.
>
> I've seen the example in the man page :
> https://man.openbsd.org/smtpd.conf#opensmtpd-filter-dkimsign
>
> I thought <domain> was to be replaced by only one domain to sign. Is a
> domain a table like Alias? If so, what is the format of the file? But I
> doubt it since in the filter code it doesn't look like a list.
>
> static char *domain = NULL;
> […]
> box 'd':
>      domain = optarg;
> […]
> if (!dkim_signature_printf(message,
>    "DKIM-Signature: v=%s; a=%s-%s; c=%s/%s; d=%s; s=%s; ", "1",
>    cryptalg, hashalg,
>    canonheader == CANON_SIMPLE ? "simple": "relaxed."
>    canonbody == CANON_SIMPLE ? "simple": "relaxed."
>    domain, selector))
>
> Finally in the example given in this presentation it is indeed a single
> domain:
> https://fosdem.org/2020/schedule/event/opensmtpd_in_the_cloud/attachments/slides/3736/export/events/attachments/opensmtpd_in_the_cloud/slides/3736/OpenSMTPD_Slides.pdf 
>
That's because filter-dkimsign doesn't support multiple domains, and
unless someone can give me a good reason to do so it probably is going
to stay that way.

I know that some mail providers add an additional positive score to
your spam rating if you have DKIM, but I reckon this is BS, because
DKIM is nothing more than a glorified debugging tool to tell you which
server butchered the content of your mail if every server in the chain
adds a DKIM signature. To be precise: it only tells you that a
particular domain owner (d-option) knows what server(s) a particular key
(s-option) belongs to, so that if a signature fails it it could only
have happened before the last server which has a valid signature.

Could you explain why you (think you) need to have multiple domain
support?
>
> Besides, I can't find the man page you're talking about:
> https://man.openbsd.org/filter-dkimsign

man.openbsd.org doesn't contain manpages for packages.
But it should be installed with the package (man filter-dkimsign)
>
> Finally, I understand how to write multiple filters, but not how to
> modify the "listen" directive to choose the right filter.
>
You (currently?) can't. If you want multiple conditions on different
filters you would need to create multiple listening sockets (e.g.
multiple ips or ports) and apply the correct match-rules based on the
socket.

martijn@

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Graeme Lee


On 19/03/2020 8:45 am, Martijn van Duren wrote:

> On 3/18/20 8:41 PM, Matthieu wrote:
>> Le 18/03/2020 à 19:39, Hiltjo Posthuma a écrit :
>>> On Wed, Mar 18, 2020 at 06:23:30PM +0100, Matthieu wrote:
>>>> Hi everybody
>>>> I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it before ?
>>>> My first intention is to sign mails from different domains on a single mail
>>>> server. So the
>>>>
>>>> OpenDKIM works with a socket and I don't know how and if it works with the
>>>> smptd filter.
>>>> I've seen the «opensmptd-filter-dkimsign» packet, but we can only specify
>>>> one domaine.
>>>>
>>>> Otherwise I'd be looking at the side of dkimproxy if it can do the job or
>>>> not.
>>>>
>>>> Thx for any help.
>>>>
>>> Hi,
>>>
>>> Theres an example described in the smtpd.conf(5) man page.
>>>
>>> opensmtpd filters are in ports as a package: opensmtpd-filter-dkimsign
>>>
>>> The source-code is at: https://imperialat.at/dev/filter-dkimsign/ in main.c
>>> It's relatively small and also privilege-separated.
>>>
>>> It has a parameter to set the domain name (-d). In smtpd.conf you can define
>>> multiple filters. See also the man page filter-dkimsign(8) for detailed
>>> information.
>>>
>>> I've replaced dkimproxy (Perl-based and complex) with
>>> opensmtpd-filter-dkimsign. It works well for my needs.
>>>
>> Hi Hiltjo,
>> Currently I already use opensmtpd-filter-dkimsign, but I didn't
>> understand how to use it for multiple domains at once.
>>
>> I've seen the example in the man page :
>> https://man.openbsd.org/smtpd.conf#opensmtpd-filter-dkimsign
>>
>> I thought <domain> was to be replaced by only one domain to sign. Is a
>> domain a table like Alias? If so, what is the format of the file? But I
>> doubt it since in the filter code it doesn't look like a list.
>>
>> static char *domain = NULL;
>> […]
>> box 'd':
>>       domain = optarg;
>> […]
>> if (!dkim_signature_printf(message,
>>    "DKIM-Signature: v=%s; a=%s-%s; c=%s/%s; d=%s; s=%s; ", "1",
>>    cryptalg, hashalg,
>>    canonheader == CANON_SIMPLE ? "simple": "relaxed."
>>    canonbody == CANON_SIMPLE ? "simple": "relaxed."
>>    domain, selector))
>>
>> Finally in the example given in this presentation it is indeed a single
>> domain:
>> https://fosdem.org/2020/schedule/event/opensmtpd_in_the_cloud/attachments/slides/3736/export/events/attachments/opensmtpd_in_the_cloud/slides/3736/OpenSMTPD_Slides.pdf
>>
> That's because filter-dkimsign doesn't support multiple domains, and
> unless someone can give me a good reason to do so it probably is going
> to stay that way.
I'm using dkimproxy for this.  I host multiple domain names. dkimproxy
is pretty easy to configure to sign outbound on a per domain basis.

/etc/dkimproxy_out.conf
listen 127.0.0.1:<port1>
relay 127.0.0.1:<smtpd port>
sender_map /etc/mail/dkim/sender_map

/etc/dmail/dkim/sender_map
example.com
dkim(key=/etc/mail/dkim/example.com.key,d=example.com,c=relaxed,s=selector1)
example.org
dkim(key=/etc/mail/dkim/example.org.key,d=example.org,c=simple,s=selector1)
...<blah blah blah>

I can send the smtpdconf through if you're stuck.

If the domain being relayed is not in the map, it isn't signed.
dkimproxy is not doing any inbound processing.  It would be awesome to
pull this from a pgsql db source, which is how I manage what smtpd can
and cannot relay.

>
> I know that some mail providers add an additional positive score to
> your spam rating if you have DKIM, but I reckon this is BS, because
> DKIM is nothing more than a glorified debugging tool to tell you which
> server butchered the content of your mail if every server in the chain
> adds a DKIM signature. To be precise: it only tells you that a
> particular domain owner (d-option) knows what server(s) a particular key
> (s-option) belongs to, so that if a signature fails it it could only
> have happened before the last server which has a valid signature.
>
> Could you explain why you (think you) need to have multiple domain
> support?
I own (and manage) multiple domains.  Why would I not take advantage of
virtual domains on 1 host?

Graeme


Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Martijn van Duren-6
On 3/19/20 5:06 AM, Graeme Lee wrote:

>
>
> On 19/03/2020 8:45 am, Martijn van Duren wrote:
>> On 3/18/20 8:41 PM, Matthieu wrote:
>>> Le 18/03/2020 à 19:39, Hiltjo Posthuma a écrit :
>>>> On Wed, Mar 18, 2020 at 06:23:30PM +0100, Matthieu wrote:
>>>>> Hi everybody
>>>>> I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it before ?
>>>>> My first intention is to sign mails from different domains on a single mail
>>>>> server. So the
>>>>>
>>>>> OpenDKIM works with a socket and I don't know how and if it works with the
>>>>> smptd filter.
>>>>> I've seen the «opensmptd-filter-dkimsign» packet, but we can only specify
>>>>> one domaine.
>>>>>
>>>>> Otherwise I'd be looking at the side of dkimproxy if it can do the job or
>>>>> not.
>>>>>
>>>>> Thx for any help.
>>>>>
>>>> Hi,
>>>>
>>>> Theres an example described in the smtpd.conf(5) man page.
>>>>
>>>> opensmtpd filters are in ports as a package: opensmtpd-filter-dkimsign
>>>>
>>>> The source-code is at: https://imperialat.at/dev/filter-dkimsign/ in main.c
>>>> It's relatively small and also privilege-separated.
>>>>
>>>> It has a parameter to set the domain name (-d). In smtpd.conf you can define
>>>> multiple filters. See also the man page filter-dkimsign(8) for detailed
>>>> information.
>>>>
>>>> I've replaced dkimproxy (Perl-based and complex) with
>>>> opensmtpd-filter-dkimsign. It works well for my needs.
>>>>
>>> Hi Hiltjo,
>>> Currently I already use opensmtpd-filter-dkimsign, but I didn't
>>> understand how to use it for multiple domains at once.
>>>
>>> I've seen the example in the man page :
>>> https://man.openbsd.org/smtpd.conf#opensmtpd-filter-dkimsign
>>>
>>> I thought <domain> was to be replaced by only one domain to sign. Is a
>>> domain a table like Alias? If so, what is the format of the file? But I
>>> doubt it since in the filter code it doesn't look like a list.
>>>
>>> static char *domain = NULL;
>>> […]
>>> box 'd':
>>>       domain = optarg;
>>> […]
>>> if (!dkim_signature_printf(message,
>>>    "DKIM-Signature: v=%s; a=%s-%s; c=%s/%s; d=%s; s=%s; ", "1",
>>>    cryptalg, hashalg,
>>>    canonheader == CANON_SIMPLE ? "simple": "relaxed."
>>>    canonbody == CANON_SIMPLE ? "simple": "relaxed."
>>>    domain, selector))
>>>
>>> Finally in the example given in this presentation it is indeed a single
>>> domain:
>>> https://fosdem.org/2020/schedule/event/opensmtpd_in_the_cloud/attachments/slides/3736/export/events/attachments/opensmtpd_in_the_cloud/slides/3736/OpenSMTPD_Slides.pdf
>>>
>> That's because filter-dkimsign doesn't support multiple domains, and
>> unless someone can give me a good reason to do so it probably is going
>> to stay that way.
> I'm using dkimproxy for this.  I host multiple domain names. dkimproxy
> is pretty easy to configure to sign outbound on a per domain basis.
>
> /etc/dkimproxy_out.conf
> listen 127.0.0.1:<port1>
> relay 127.0.0.1:<smtpd port>
> sender_map /etc/mail/dkim/sender_map
>
> /etc/dmail/dkim/sender_map
> example.com
> dkim(key=/etc/mail/dkim/example.com.key,d=example.com,c=relaxed,s=selector1)
> example.org
> dkim(key=/etc/mail/dkim/example.org.key,d=example.org,c=simple,s=selector1)
> ...<blah blah blah>
>
> I can send the smtpdconf through if you're stuck.
>
> If the domain being relayed is not in the map, it isn't signed.
> dkimproxy is not doing any inbound processing.  It would be awesome to
> pull this from a pgsql db source, which is how I manage what smtpd can
> and cannot relay.
>
>>
>> I know that some mail providers add an additional positive score to
>> your spam rating if you have DKIM, but I reckon this is BS, because
>> DKIM is nothing more than a glorified debugging tool to tell you which
>> server butchered the content of your mail if every server in the chain
>> adds a DKIM signature. To be precise: it only tells you that a
>> particular domain owner (d-option) knows what server(s) a particular key
>> (s-option) belongs to, so that if a signature fails it it could only
>> have happened before the last server which has a valid signature.
>>
>> Could you explain why you (think you) need to have multiple domain
>> support?
> I own (and manage) multiple domains.  Why would I not take advantage of
> virtual domains on 1 host?

I do to, but as far as I'm aware there's nothing in the spec that states
that a mail domain should be signed with a key in its own domain; and
I'd to think that I've be pretty thorough while reading it multiple
times. If I want I can sign a mail with an @gmail.com sender on it with
my personal imperialat.at DKIM key and recipients will properly validate
it.

So yes, I have multiple virtual hosts and only one key (domain+selector)
per server. And if you were to look through your mailbox you'd find
multiple vendors who also sign their mail with a different domain in
their DKIM signature than is in the domain component of their from
header; including office365.
>
> Graeme
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Chris Bennett-4
In reply to this post by Martijn van Duren-6
On Wed, Mar 18, 2020 at 10:45:06PM +0100, Martijn van Duren wrote:

> That's because filter-dkimsign doesn't support multiple domains, and
> unless someone can give me a good reason to do so it probably is going
> to stay that way.
>
> I know that some mail providers add an additional positive score to
> your spam rating if you have DKIM, but I reckon this is BS, because
> DKIM is nothing more than a glorified debugging tool to tell you which
> server butchered the content of your mail if every server in the chain
> adds a DKIM signature. To be precise: it only tells you that a
> particular domain owner (d-option) knows what server(s) a particular key
> (s-option) belongs to, so that if a signature fails it it could only
> have happened before the last server which has a valid signature.
>
> Could you explain why you (think you) need to have multiple domain
> support?
> You (currently?) can't. If you want multiple conditions on different
> filters you would need to create multiple listening sockets (e.g.
> multiple ips or ports) and apply the correct match-rules based on the
> socket.
>
> martijn@
>

OK, thanks for clearing that up. I learned a lot using it. I would also
like to use multiple domains, but I don't see any reason to ask you to
do any more work than you want to.
Thanks for your work. I appreciate it. And trying to use multiple
domains was a good lesson in strange results. :-}

Chris Bennett


Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Martijn van Duren-6
On 3/19/20 7:49 PM, Chris Bennett wrote:

> On Wed, Mar 18, 2020 at 10:45:06PM +0100, Martijn van Duren wrote:
>> That's because filter-dkimsign doesn't support multiple domains, and
>> unless someone can give me a good reason to do so it probably is going
>> to stay that way.
>>
>> I know that some mail providers add an additional positive score to
>> your spam rating if you have DKIM, but I reckon this is BS, because
>> DKIM is nothing more than a glorified debugging tool to tell you which
>> server butchered the content of your mail if every server in the chain
>> adds a DKIM signature. To be precise: it only tells you that a
>> particular domain owner (d-option) knows what server(s) a particular key
>> (s-option) belongs to, so that if a signature fails it it could only
>> have happened before the last server which has a valid signature.
>>
>> Could you explain why you (think you) need to have multiple domain
>> support?
>> You (currently?) can't. If you want multiple conditions on different
>> filters you would need to create multiple listening sockets (e.g.
>> multiple ips or ports) and apply the correct match-rules based on the
>> socket.
>>
>> martijn@
>>
>
> OK, thanks for clearing that up. I learned a lot using it. I would also
> like to use multiple domains, but I don't see any reason to ask you to
> do any more work than you want to.
> Thanks for your work. I appreciate it. And trying to use multiple
> domains was a good lesson in strange results. :-}
>
> Chris Bennett
>
I've had multiple people tell me that they want to have multiple domain
support, but either they misunderstood the workings of DKIM, or it's a
case of "but it gives me the warm and fuzzies".

So please, be as clear as you can be on why you want to use it and how
you want to use it; and either we can improve your understanding of the
spec and your setup (and help people on the list at the same time) or
you make a valid case (maybe I did miss something) and I might be
motivated to add it.

In other words, I'm not definitively saying no, but it will only
complicate the code even further with all the additional risks; there
must be a damn good reason to go down that path.

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

MImoza
In reply to this post by Chris Bennett-4

> On Wed, Mar 18, 2020 at 10:45:06PM +0100, Martijn van Duren wrote:

> Could you explain why you (think you) need to have multiple domain
> support?
> You (currently?) can't. If you want multiple conditions on different
> filters you would need to create multiple listening sockets (e.g.
> multiple ips or ports) and apply the correct match-rules based on the
> socket.
>
> martijn@
>
Thank you for your response.
My main reason is that, as a freelancer, I have a professional email
that I don't want to mix with my personal email. Moreover, a friend asks
me to host his emails and I don't want to mix it up either.

I'm not develloper C, but if I propose a patch for this feature, does it
have a possibility to be integrated ?

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Martijn van Duren-6
On 3/19/20 8:24 PM, Matthieu wrote:

>
>> On Wed, Mar 18, 2020 at 10:45:06PM +0100, Martijn van Duren wrote:
>
>> Could you explain why you (think you) need to have multiple domain
>> support?
>> You (currently?) can't. If you want multiple conditions on different
>> filters you would need to create multiple listening sockets (e.g.
>> multiple ips or ports) and apply the correct match-rules based on the
>> socket.
>>
>> martijn@
>>
> Thank you for your response.
> My main reason is that, as a freelancer, I have a professional email
> that I don't want to mix with my personal email. Moreover, a friend asks
> me to host his emails and I don't want to mix it up either.

Please be more concise. What do you mean "don't want to mix it up"?
What would be mixed up? What would be the consequences of that?
Based on what would it need to be separated?

And just to be clear, I'm not trying to be a pedantic asshole for its
own sake. I honestly don't see where our interpretations diverge.
>
> I'm not develloper C, but if I propose a patch for this feature, does it
> have a possibility to be integrated ?
>
Any patch is welcome if properly motivated. If it's not up to par we can
always polish it further. But I'd advise to first come to an understanding
on the motivation.

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

MImoza
Le 19/03/2020 à 20:46, Martijn van Duren a écrit :
> On 3/19/20 8:24 PM, Matthieu wrote:
>> Thank you for your response.
>> My main reason is that, as a freelancer, I have a professional email
>> that I don't want to mix with my personal email. Moreover, a friend asks
>> me to host his emails and I don't want to mix it up either.
>
> Please be more concise. What do you mean "don't want to mix it up"?
> What would be mixed up? What would be the consequences of that?
> Based on what would it need to be separated?
I don't want the personal or professional domain name to appear in the
other's signature. I understand that nobody is going to look at it and
that it's a bit maniacal, but I find it cleaner.
Knowing that Gmail and others are quite strict about their spam filters,
I don't find it useless.


>
> And just to be clear, I'm not trying to be a pedantic asshole for its
> own sake. I honestly don't see where our interpretations diverge.
No problem to discuss it.

>>
>> I'm not develloper C, but if I propose a patch for this feature, does it
>> have a possibility to be integrated ?
>>
> Any patch is welcome if properly motivated. If it's not up to par we can
> always polish it further. But I'd advise to first come to an understanding
> on the motivation.

My motivations are those set out above. Otherwise I can always fall back
on dkimproxy.

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Martijn van Duren-6
On 3/19/20 9:21 PM, Matthieu wrote:

> Le 19/03/2020 à 20:46, Martijn van Duren a écrit :
>> On 3/19/20 8:24 PM, Matthieu wrote:
>>> Thank you for your response.
>>> My main reason is that, as a freelancer, I have a professional email
>>> that I don't want to mix with my personal email. Moreover, a friend asks
>>> me to host his emails and I don't want to mix it up either.
>>
>> Please be more concise. What do you mean "don't want to mix it up"?
>> What would be mixed up? What would be the consequences of that?
>> Based on what would it need to be separated?
> I don't want the personal or professional domain name to appear in the
> other's signature. I understand that nobody is going to look at it and
> that it's a bit maniacal, but I find it cleaner.
> Knowing that Gmail and others are quite strict about their spam filters,
> I don't find it useless.
>
So basically the warm and fuzzies. :-)
No problem, but in that case dkimsign is not for you and dkimproxy might
be more suitable.

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

Stuart Henderson
In reply to this post by MImoza
On 2020-03-18, Matthieu <[hidden email]> wrote:

> Hi everybody
> I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it
> before ?
> My first intention is to sign mails from different domains on a single
> mail server. So the
>
> OpenDKIM works with a socket and I don't know how and if it works with
> the smptd filter.
> I've seen the «opensmptd-filter-dkimsign» packet, but we can only
> specify one domaine.
>
> Otherwise I'd be looking at the side of dkimproxy if it can do the job
> or not.
>
> Thx for any help.
>
>

You should be able to do this with rspamd + opensmtpd-filter-rspamd ..

Reply | Threaded
Open this post in threaded view
|

Re: Multi-domain DKIM signature with OpenSMTPd

MImoza
Le 20/03/2020 à 23:25, Stuart Henderson a écrit :

> On 2020-03-18, Matthieu <[hidden email]> wrote:
>> Hi everybody
>> I'm looking to use OpenDKIM with OpenSMTPd. Has anyone ever done it
>> before ?
>> My first intention is to sign mails from different domains on a single
>> mail server. So the
>>
>> OpenDKIM works with a socket and I don't know how and if it works with
>> the smptd filter.
>> I've seen the «opensmptd-filter-dkimsign» packet, but we can only
>> specify one domaine.
>>
>> Otherwise I'd be looking at the side of dkimproxy if it can do the job
>> or not.
>>
>> Thx for any help.
>>
>>
>
> You should be able to do this with rspamd + opensmtpd-filter-rspamd ..
>

Thx Stuart,
It solved with dkimproxy finally.