[Mimedefang] What about DKIM

Philip Prindeville philipp at redfish-solutions.com
Thu Mar 14 19:31:39 EDT 2024 


> On May 9, 2013, at 3:30 PM, David F. Skoll <dfs at roaringpenguin.com> wrote:
> 
> On Thu, 9 May 2013 12:14:40 -0600
> Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
> 
>> And DKIM support for verification is in SpamAssassin, but I'm not
>> seeing any support for signing in MimeDefang.
> 
> It is very easy to add.  Use the Mail::DKIM::Signer and Mail::DKIM::TextWrap
> modules from CPAN.  This is in our filter and we call it to sign a message
> from filter_end:
> 
> sub dkim_sign
> {
>      my $dkim = Mail::DKIM::Signer->new(
>              Algorithm => "rsa-sha1",
>              Method => "relaxed",
>              Domain => "roaringpenguin.com",
>              Selector => "main",
>              KeyFile => "/etc/ssl/private/roaringpenguin.com.dkim.2048.key");
>      if (open(TOSIGN, "<INPUTMSG")) {
>              while(<TOSIGN>) {
>                      # remove local line terminators
>                      chomp;
>                      s/\015$//;
> 
>                      # use SMTP line terminators
>                      $dkim->PRINT("$_\015\012");
>              }
>              close(TOSIGN);
>              $dkim->CLOSE();
>              my $signature = $dkim->signature()->as_string();
>              $signature =~ s/^DKIM-Signature:\s+//i;
>              action_add_header('DKIM-Signature', $signature);
>      }
> }
> 


Came back to this because I've had to tweak it as shown to get it to do what I wanted.

Didn't want others trying it and having the same frustration.  I replaced the last 3 statements with:


	my ($header, $signature) = split(/:\s+/i, $dkim->signature()->as_string(), 2);
	$signature =~ s/\r\n/\n/g;
	chomp $signature;

	action_add_header($header, $signature);


And the reasoning is:

(1) the header you get back from $dkim->signature() is good as-is, you just need to peel it off to use with action_add_header() into a tuple;

(2) the multiline signature value has \r\n as line termination, but the milter expects newlines;

(3) you don't need a newline at the end of the header value, one will be added for you by action_add_header().

Hope this helps!

-Philip

P.S. Wrote this and then saw the Changelog for 2.86 and the addition of md_dkim_sign() ...


> Regards,
> 
> David.

More information about the MIMEDefang mailing list