develooper Front page | perl.qpsmtpd | Postings from April 2013

new feature: DKIM message signing

Thread Next
From:
Matt Simerson
Date:
April 26, 2013 08:47
Subject:
new feature: DKIM message signing
Message ID:
97ABED83-5312-46FA-A35F-FCC6E73E1706@tnpi.net

I added a signing feature to my DKIM plugin. 

https://github.com/qpsmtpd-dev/qpsmtpd-dev/blob/master/plugins/dkim

Matt

PS: for added pleasure, I also added a script that makes deploying DKIM really, really easy.  How easy?

	# cd ~smtpd/config/dkim
	# ./dkim_key_gen.sh example.org

Voila. Keys and selector generated. Now DNS needs to be updated. I made that easy too:

	# cat example.org/dns

apr2013._domainkey TXT "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/Wu1fd74UXwH//0uiX/6C0hkv3I/PdeTxfnzHN6GrehJpCYBd1BKuigduwt/wZFVgUopwxmcjxSK6qrkADtHC+ZiqC/sqcVuVDhnvzkIgd7dYhqBcVORg6f8Eg8132yPkmHyDm588qKfdFSEUVgBqSfqZg4ZdG4Uq5erHAyQIEcs0h7xqUKJKA5xJWdRwaVYbNkNDAscax1WrSvMHQkKBf5bWUtkMGc/HeoZ6T3VTn5Le0OgLoINj4lNTFfT6toXsbZsKzOaUYacnWVOq2v2lWgghOMRQHYPr7ldl2E7/6sNSpNT8KXAiT7wlfE+/xXg+0DyQq/ahKaPgAecCCFiwIDAQAB"

Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.

With SPF:

        SPF "v=spf1 mx a -all"
        TXT "v=spf1 mx a -all"

With DMARC:

_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@example.org; ruf=mailto:dmarc-feedback@'example.org; pct=100"

With DomainKeys (deprecated)

_domainkey TXT "o=-; t=y; r=postmaster@example.org"

For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:

   perldoc plugins/dkim
   perldoc plugins/sender_permitted_from



Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About