[Mimedefang] What about DKIM
Philip Prindeville
philipp at redfish-solutions.com
Thu Mar 14 19:31:39 EDT 2024
> On May 9, 2013, at 3:30 PM, David F. Skoll <dfs at roaringpenguin.com> wrote:
>
> On Thu, 9 May 2013 12:14:40 -0600
> Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>
>> And DKIM support for verification is in SpamAssassin, but I'm not
>> seeing any support for signing in MimeDefang.
>
> It is very easy to add. Use the Mail::DKIM::Signer and Mail::DKIM::TextWrap
> modules from CPAN. This is in our filter and we call it to sign a message
> from filter_end:
>
> sub dkim_sign
> {
> my $dkim = Mail::DKIM::Signer->new(
> Algorithm => "rsa-sha1",
> Method => "relaxed",
> Domain => "roaringpenguin.com",
> Selector => "main",
> KeyFile => "/etc/ssl/private/roaringpenguin.com.dkim.2048.key");
> if (open(TOSIGN, "<INPUTMSG")) {
> while(<TOSIGN>) {
> # remove local line terminators
> chomp;
> s/\015$//;
>
> # use SMTP line terminators
> $dkim->PRINT("$_\015\012");
> }
> close(TOSIGN);
> $dkim->CLOSE();
> my $signature = $dkim->signature()->as_string();
> $signature =~ s/^DKIM-Signature:\s+//i;
> action_add_header('DKIM-Signature', $signature);
> }
> }
>
Came back to this because I've had to tweak it as shown to get it to do what I wanted.
Didn't want others trying it and having the same frustration. I replaced the last 3 statements with:
my ($header, $signature) = split(/:\s+/i, $dkim->signature()->as_string(), 2);
$signature =~ s/\r\n/\n/g;
chomp $signature;
action_add_header($header, $signature);
And the reasoning is:
(1) the header you get back from $dkim->signature() is good as-is, you just need to peel it off to use with action_add_header() into a tuple;
(2) the multiline signature value has \r\n as line termination, but the milter expects newlines;
(3) you don't need a newline at the end of the header value, one will be added for you by action_add_header().
Hope this helps!
-Philip
P.S. Wrote this and then saw the Changelog for 2.86 and the addition of md_dkim_sign() ...
> Regards,
>
> David.
More information about the MIMEDefang
mailing list