[Mimedefang] What about DKIM

Philip Prindeville philipp_subx at redfish-solutions.com
Thu Mar 14 21:54:24 EDT 2024



> On May 9, 2013, at 3:30 PM, David F. Skoll <dfs at roaringpenguin.com> wrote:
> 
> On Thu, 9 May 2013 12:14:40 -0600
> Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
> 
>> And DKIM support for verification is in SpamAssassin, but I'm not
>> seeing any support for signing in MimeDefang.
> 
> It is very easy to add.  Use the Mail::DKIM::Signer and Mail::DKIM::TextWrap
> modules from CPAN.  This is in our filter and we call it to sign a message
> from filter_end:
> 
> sub dkim_sign
> {
>     my $dkim = Mail::DKIM::Signer->new(
>             Algorithm => "rsa-sha1",
>             Method => "relaxed",
>             Domain => "roaringpenguin.com",
>             Selector => "main",
>             KeyFile => "/etc/ssl/private/roaringpenguin.com.dkim.2048.key");
>     if (open(TOSIGN, "<INPUTMSG")) {
>             while(<TOSIGN>) {
>                     # remove local line terminators
>                     chomp;
>                     s/\015$//;
> 
>                     # use SMTP line terminators
>                     $dkim->PRINT("$_\015\012");
>             }
>             close(TOSIGN);
>             $dkim->CLOSE();
>             my $signature = $dkim->signature()->as_string();
>             $signature =~ s/^DKIM-Signature:\s+//i;
>             action_add_header('DKIM-Signature', $signature);
>     }
> }
> 


Came back to this because I've had to tweak it as shown to get it to do what I wanted.

Didn't want others trying it and having the same frustration.  I replaced the last 3 statements with:


	my ($header, $signature) = split(/:\s+/i, $dkim->signature()->as_string(), 2);
	$signature =~ s/\r\n/\n/g;
	chomp $signature;

	action_add_header($header, $signature);


And the reasoning is:

(1) the header you get back from $dkim->signature() is good as-is, you just need to peel it off to use with action_add_header() into a tuple;

(2) the multiline signature value has \r\n as line termination, but the milter expects newlines;

(3) you don't need a newline at the end of the header value, one will be added for you by action_add_header().

Hope this helps!

-Philip

P.S. Wrote this and then saw the Changelog for 2.86 and the addition of md_dkim_sign() ...


> Regards,
> 
> David.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20240314/8c98d284/attachment-0001.html>


More information about the MIMEDefang mailing list