| FILTER-DKIMSIGN(8) | System Manager's Manual | FILTER-DKIMSIGN(8) |
NAME
filter-dkimsign - add dkim signature to messages
SYNOPSIS
filter-dkimsign [-tz] [-a algorithm] [-c canonicalization] [-h headers] [-x seconds] -d domain -D file -k file -s selector
DESCRIPTION
filter-dkimsign adds a dkim signature to the message. The following flags are supported:
- -a algorithm
- The algorithm to use. Supported signing algorithms are rsa and ed25519 (when enabled at compile time). Only sha256 should be used for hashing, since other algorithms are most likely not supported by verifiers. Defaults to rsa-sha256.
- -c canonicalization
- The canonicalization algorithm used to sign the message. Defaults to simple/simple.
- -D file
- file should point to a file containing a list of domains. Only one domain per line should be specified. See -d for more information.
- -d domain
- The domain where the public key can be found. This option can be specified multiple times to select the best domain during signing. If specified multiple times it looks at the domain component of the first mailbox in the from-header and tries to find a match. If no exact match can be found it looks for the closest parent domain. If no matches can be the first domain specified will be used.
- -h headers
- The email headers which are included in the mail signature. Per RFC this option requires at least the from header to be included. The headers are specified by separating them with a colon. The default is from:reply-to:subject:date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to:references:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive.
- -k file
- file should point to a file containing the RSA private key to sign the messages.
- -s selector
- The selector within the _domainkey subdomain of domain where the public key can be found.
- -t
- Add the time of signing to the dkim header.
- -x seconds
- Add the amount of seconds the signature is valid to the dkim header.
- -z
- Add the mail headers used in the dkim signature to the dkim header. If a second -z is specified all headers will be included in the dkim header. Useful for debugging purposes.
SEE ALSO
smtpd(8)
STANDARDS
D. Crocker, Ed., T. Hansen, Ed., and M. Kucherawy, Ed., DomainKeys Identified Mail (DKIM) Signatures, RFC 6376, Brandenburg InternetWorking, AT&T Laboratories, and Cloudmark, September 2011.
J. Levine, A New Cryptographic Signature Method for DomainKeys Identified Mail, RFC 8463, Taughannock Networks, September 2018.
AUTHORS
Martijn van Duren <martijn@openbsd.org>
| November 20, 2022 | Linux 6.0.9-arch1-1 |