.\" Automatically generated from an mdoc input file. Do not edit. .\" $OpenBSD$ .\" .\" Copyright (c) 2019 Martijn van Duren .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH "FILTER-DKIMSIGN" "8" "November 20, 2022" "Linux 6.0.9-arch1-1" "System Manager's Manual" .nh .if n .ad l .SH "NAME" \fBfilter-dkimsign\fR \- add dkim signature to messages .SH "SYNOPSIS" .HP 16n \fBfilter-dkimsign\fR [\fB\-tz\fR] [\fB\-a\fR\ \fIalgorithm\fR] [\fB\-c\fR\ \fIcanonicalization\fR] [\fB\-h\fR\ \fIheaders\fR] [\fB\-x\fR\ \fIseconds\fR] \fB\-d\fR\ \fIdomain\fR \fB\-D\fR\ \fIfile\fR \fB\-k\fR\ \fIfile\fR \fB\-s\fR\ \fIselector\fR .SH "DESCRIPTION" \fBfilter-dkimsign\fR adds a dkim signature to the message. The following flags are supported: .TP 8n \fB\-a\fR \fIalgorithm\fR The \fIalgorithm\fR to use. Supported signing algorithms are \fIrsa\fR and \fIed25519\fR (when enabled at compile time). Only sha256 should be used for hashing, since other algorithms are most likely not supported by verifiers. Defaults to \fBrsa-sha256\fR. .TP 8n \fB\-c\fR \fIcanonicalization\fR The canonicalization algorithm used to sign the message. Defaults to \fIsimple/simple\fR. .TP 8n \fB\-D\fR \fIfile\fR \fIfile\fR should point to a file containing a list of domains. Only one domain per line should be specified. See \fB\-d\fR for more information. .TP 8n \fB\-d\fR \fIdomain\fR The \fIdomain\fR where the public key can be found. This option can be specified multiple times to select the best \fIdomain\fR during signing. If specified multiple times it looks at the domain component of the first mailbox in the from-header and tries to find a match. If no exact match can be found it looks for the closest parent \fIdomain\fR. If no matches can be the first \fIdomain\fR specified will be used. .TP 8n \fB\-h\fR \fIheaders\fR The email headers which are included in the mail signature. Per RFC this option requires at least the from header to be included. The headers are specified by separating them with a colon. The default is \fIfrom:reply-to:subject:date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to:references:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive\fR. .TP 8n \fB\-k\fR \fIfile\fR \fIfile\fR should point to a file containing the RSA private key to sign the messages. .TP 8n \fB\-s\fR \fIselector\fR The selector within the _domainkey subdomain of \fIdomain\fR where the public key can be found. .TP 8n \fB\-t\fR Add the time of signing to the dkim header. .TP 8n \fB\-x\fR \fIseconds\fR Add the amount of \fIseconds\fR the signature is valid to the dkim header. .TP 8n \fB\-z\fR Add the mail headers used in the dkim signature to the dkim header. If a second \fB\-z\fR is specified all headers will be included in the dkim header. Useful for debugging purposes. .SH "SEE ALSO" smtpd(8) .SH "STANDARDS" D. Crocker, Ed., T. Hansen, Ed., and M. Kucherawy, Ed., \fIDomainKeys Identified Mail (DKIM) Signatures\fR, RFC 6376, Brandenburg InternetWorking, AT&T Laboratories, and Cloudmark, September 2011. .PP J. Levine, \fIA New Cryptographic Signature Method for DomainKeys Identified Mail\fR, RFC 8463, Taughannock Networks, September 2018. .SH "AUTHORS" Martijn van Duren <\fImartijn@openbsd.org\fR>