Index of /coding/qmail-dkim

Name                    Last modified      Size
Parent Directory                           -
qmail-dkim-0.1.pl       2007-12-02 01:52   6.5K
qmail-dkim-0.1.1.pl     2007-12-21 15:14   6.5K
CHECKSUM.MD5            2008-02-14 18:20   179
CHECKSUM.SHA256         2008-02-14 18:20   284
qmail-dkim-0.3.pl       2016-06-08 13:29   8.0K
qmail-dkim-0.2.pl       2016-06-08 13:29   7.4K

What is DKIM?
See http://www.dkim.org/, http://www.ietf.org/rfc/rfc4871.txt, http://en.wikipedia.org/wiki/DKIM

NOTES
=====
This wrapper for qmail (qmail-remote) signs all outgoing messages with DKIM
and/or DomainKey. It is written entirely in Perl. Signing is done by using
Mail::DKIM. On failure the mail will be deferred (not bounced/dropped).
Configuration file support is included, which lets you define the various signing
parameters based on the sending domain. This is also the most significant difference
between this and other implementations for qmail.

Please note that I haven't verified DomainKey-signing yet although it should work.
DKIM-signing is tested and working!


Requirements
============
perl
Mail::DKIM >= 0.29
XML::Simple (used for configuration file)


Installation
============
Please note that all directory and file names can be changed by using the configuration
file or by modifying the predefined variables at the top of the script.
<qmaildir> should be /var/qmail. If your qmail is installed somewhere else,
edit the script and modify $configfile and $qremote accordingly.

#1
  create directory <qmaildir>/control/dkim
  copy private key to <qmaildir>/control/dkim/global.key
  restrict directory/file permissions. typically only user 'qmailr' needs read access
#2
  create <qmaildir>/control/dkim/signconf.xml
  see configuration-section below for content
#3
  move <qmaildir>/bin/qmail-remote to <qmaildir>/bin/qmail-remote.orig
  move qmail-dkim.pl to <qmaildir>/bin/qmail-remote
  set permissions for <qmaildir>/bin/qmail-remote (use same permissions as qmail-remote.orig)
#4
  publish your public key through your DNS
#5
  send mail and watch qmail log


Configuration
=============
Configuration structure (settings in global are default):
<dkimsign>
  <!-- per default sign all mails using dkim -->
  <global algorithm="rsa-sha256" domain="sender" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="beta">
    <types id="dkim" />
  </global>

  <!-- use dkim + domainkey for example.com -->
  <example.com selector="beta2">
    <types id="dkim" />
    <types id="domainkey" method="nofws" />
  </example.com>

  <!-- no signing for example2.com -->
  <example2.com />
</dkimsign>

Missing settings will be merged from the global node.
Every domain entry will also match its subdomains.
Types-nodes define the signature types to use ("dkim" and/or "domainkey").
Create an empty domain node to omit signing.

Valid attributes (see RFC for details):
algorithm ..... rsa-sha1 or rsa-sha256 (DK is hardcoded to rsa-sha1)
domain ........ d-tag. Can be "sender" (sender signing), a domain (string)
                or a path to a file (the path has to be absolute; the script
                uses only the first word of the first line)
keyfile ....... Path to private key
method ........ c-tag
selector ...... s-tag
headers ....... h-tag (default: Mail::DKIM default)
query ......... q-tag (default: Mail::DKIM default)
identity ...... i-tag (DKIM only, default: none)
expiration .... x-tag (DKIM only, default: none)
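
The merge and matching rules above decide which mail leaves unsigned, so it helps to check a signconf.xml against a list of sender domains before installing it. The following Python sketch is an added example, not part of qmail-dkim or taken from its code. It assumes that the most specific matching domain node wins and that settings take precedence in the order types-node, domain node, global; the names load and resolve are hypothetical, and the rcpthosts check of version 0.3 is not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the signconf.xml shown in this section, without its comments.
SIGNCONF = """<dkimsign>
  <global algorithm="rsa-sha256" domain="sender"
          keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="beta">
    <types id="dkim" />
  </global>
  <example.com selector="beta2">
    <types id="dkim" />
    <types id="domainkey" method="nofws" />
  </example.com>
  <example2.com />
</dkimsign>"""


def load(text):
    """Parse signconf.xml content and return its root element."""
    return ET.fromstring(text)


def resolve(root, sender_domain):
    """Return {signature type: settings}; an empty dict means the mail is not signed."""
    nodes = {child.tag.lower(): child for child in root}
    glob = nodes.pop("global")
    labels = sender_domain.lower().rstrip(".").split(".")
    # Match on whole labels, most specific first: the domain, then each parent.
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    node = next((nodes[c] for c in candidates if c in nodes), glob)
    result = {}
    for types in node.findall("types"):  # no types-node: nothing is signed
        # Assumed precedence: types-node over domain node over global.
        settings = {**glob.attrib, **node.attrib, **types.attrib}
        kind = settings.pop("id")
        if kind == "domainkey":
            settings["algorithm"] = "rsa-sha1"  # stated above: DK is hardcoded
        result[kind] = settings
    return result


if __name__ == "__main__":
    root = load(SIGNCONF)
    for domain in ("example.org", "mail.example.com", "example2.com", "notexample.com"):
        effective = resolve(root, domain)
        if not effective:
            print(f"{domain}: NOT SIGNED")
        for kind, s in effective.items():
            print(f"{domain}: {kind} s={s['selector']} c={s['method']} a={s['algorithm']}")
```

Because matching is done on whole labels, notexample.com falls through to the global node instead of inheriting the example.com settings.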


History
=======
2016-06-08 (0.3)
* add sender signing (domain="sender"), which is default mode now
* sender domain is verified against /var/qmail/control/rcpthosts
  on failure no signing happens
2008-02-14 (0.2)
* added ability to define settings in types-nodes (e.g. different methods for DKIM and DomainKey)
* NOTE: configuration structure of types-node changed slightly
  You need to adapt your configuration (xml)!
* missing types-node will omit signing too
2007-12-21 (0.1.1)
* IMPORTANT: fixed passing empty arguments to qmail-remote
2007-12-02 (0.1)
* first release
* supports dkim and domainkey signing