NAME

dkimproxy.out - SMTP proxy for adding DKIM signatures to email

SYNOPSIS

    dkimproxy.out [options] --keyfile=FILENAME --selector=SELECTOR \
        --domain=DOMAIN LISTENADDR:PORT RELAYADDR:PORT

    smtp options:
      --conf_file=FILENAME
      --listen=LISTENADDR:PORT
      --relay=RELAYADDR:PORT
      --reject-error

    signing options:
      --signature=dkim|domainkeys
      --keyfile=FILENAME
      --selector=SELECTOR
      --method=simple|relaxed|nofws
      --domain=DOMAIN
      --identity=IDENTITY

    daemon options:
      --daemonize
      --user=USER
      --group=GROUP
      --pidfile=PIDFILE

    dkimproxy.out --help
      to see a full description of the various options

DESCRIPTION

This is the "outbound" part of DKIMproxy, used for adding DKIM/DomainKeys signatures to "outbound" email messages. This program listens on a particular TCP port (specified by the "listen" option), and sends the traffic it receives on to a destination TCP address/port (specified by the "relay" option), with messages getting modified to have a DKIM and/or DomainKeys signature added.

DKIMproxy offers a number of options that determine how it generates signatures for the messages it processes. It can also vary its behavior according to the sender of the message it is processing. Read about the "sender map file" if you want to vary behavior according to sender.

OPTIONS
EXAMPLE

For example, if dkimproxy.out is started with:

    dkimproxy.out --keyfile=private.key --selector=postfix \
        --domain=example.org 127.0.0.1:10027 127.0.0.1:10028

the proxy will listen on port 10027 and send the signed messages to some other SMTP service on port 10028.

CONFIGURATION FILE

Parameters can be stored in a separate file instead of specifying them all on the command line. Use the "conf_file" option to specify the path to the configuration file, e.g.

    dkimproxy.out --conf_file=/etc/dkimproxy_out.conf

The format of the configuration file is one option per line: name of the option, space, then the value of the option. E.g.

    # this is an example config file
    domain    example.org,example.com
    keyfile   private.key
    selector  postfix
    signature dkim

is equivalent to

    dkimproxy.out --domain=example.org,example.com --keyfile=private.key \
        --selector=postfix --signature=dkim

SIGNATURE OPTIONS

When specifying a signature type, you may optionally specify per-signature options within parentheses after the signature type. E.g. if you say

    dkim(d=example.com,c=relaxed,a=rsa-sha1)

then DKIMproxy will add a "DKIM" signature with domain "example.com", using the "relaxed" canonicalization method, and the "rsa-sha1" algorithm.

The following signature options are recognized:
MACROS

When specifying signature options, specifically the "domain" and "identity" options, you may want to substitute values from the message being signed. The following macros are available:
SENDER MAP FILE

If you want to use different signature properties depending on the sender of the message being signed, use a "sender map file". This is a lookup file containing sender email addresses on the left and signature properties on the right. E.g.

    # sign my mail with an EXAMPLE.COM dkim signature
    jason@long.name  dkim(d=example.com)

    # sign WIDGET.EXAMPLE mail with a default domainkeys signature
    widget.example   domainkeys

    # sign EXAMPLE.ORG mail with both a domainkeys and dkim signature
    example.org      dkim(c=relaxed,a=rsa-sha256), domainkeys(c=nofws)

The right-hand value in a sender map file is a comma-separated list of signature types. Each signature type may have a comma-separated list of parameters enclosed in parentheses. See "SIGNATURE OPTIONS" for more information about the recognized parameters.

Please note that DKIMproxy tries hard to match a given message to an entry in the sender map file. If the full domain of the message's sender is not in the file, it tries each parent domain of the message's sender until a match is found. E.g. if the sender map file contains the following contents:

    a.my.example  dkim(key=key1)
    my.example    dkim(key=key2)

then a message from user1@a.my.example will be signed with key key1. A message from user2@b.my.example will be signed with key key2. A message from user3@your.example will not be signed.

LIST-ID MAP FILE

This works very much like a sender map file, except it selects based on the "List-Id" header rather than the "Sender" or "From" header. You can match on the full list-id value, or just a suffix. Here is an example file:

    kernel.org                   dkim(d=kernel.org)
    xorg-devel.lists.x.org       dkim(d=lists.x.org)
    dev.spamassassin.apache.org  dkim(d=apache.org)

The syntax of the right-hand values is the same as a sender map file, i.e. a comma-separated list of signatures to add to the message. For more details, see "SIGNATURE OPTIONS" above.

If no "List-Id" header is found in the message to be signed, or no entry in the map file matches the found "List-Id" header, then DKIMproxy will proceed as if no listid_map option was specified. That is, it will add the default signature (if a "domain" or "signature" option was specified), or leave the message as is.

AUTHOR

Jason Long
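
The sender map lookup described under SENDER MAP FILE, sketched as an added example (this is not code from DKIMproxy or its author). The function names are hypothetical, and the sketch assumes case-insensitive keys, a lookup order of full address, then full domain, then each parent domain, and that every suffix down to the last label is tried; the sample map is constructed from the entries shown above.

```python
import re

# Constructed sample map built from the entries shown in the text above.
SAMPLE_MAP = """\
jason@long.name  dkim(d=example.com)
a.my.example     dkim(key=key1)
my.example       dkim(key=key2)
example.org      dkim(c=relaxed,a=rsa-sha256), domainkeys(c=nofws)
widget.example   domainkeys
"""

# one signature: a type name, optional "(k=v,...)", then a comma or end of line
SIG_RE = re.compile(r"\s*(\w+)\s*(?:\(([^)]*)\))?\s*(?:,|$)")

def parse_signatures(rhs):
    """Turn 'dkim(c=relaxed), domainkeys' into [(type, {param: value}), ...]."""
    sigs, pos = [], 0
    while pos < len(rhs):
        m = SIG_RE.match(rhs, pos)
        if not m:
            raise ValueError(f"bad signature spec: {rhs[pos:]!r}")
        pairs = [p.strip() for p in (m.group(2) or "").split(",") if p.strip()]
        sigs.append((m.group(1), dict(p.split("=", 1) for p in pairs)))
        pos = m.end()
    return sigs

def parse_map(text):
    """Map each left-hand key (address or domain) to its signature list."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, rhs = line.split(None, 1)
            entries[key.lower()] = parse_signatures(rhs)
    return entries

def lookup(entries, sender):
    """Return (matched_key, signatures), or (None, []) when nothing matches."""
    sender = sender.lower()
    labels = sender.rsplit("@", 1)[-1].split(".")
    # Assumed order: full address, full domain, then each parent domain.
    for key in [sender] + [".".join(labels[i:]) for i in range(len(labels))]:
        if key in entries:
            return key, entries[key]
    return None, []

if __name__ == "__main__":
    entries = parse_map(SAMPLE_MAP)
    for who in ("user1@a.my.example", "user2@b.my.example", "user3@your.example"):
        print(who, "->", lookup(entries, who))
```

Running the lookup over the sender addresses you expect to relay shows which entry, and therefore which key and domain, each one falls under; a broad entry such as my.example also covers every subdomain sender that has no more specific line.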