• best practice adding DKIM to outgoing email

    From None@21:1/5 to All on Wed Feb 1 14:48:42 2023
    I was wondering what the best practice is to enable/add DKIM on outgoing
    mail. Is it common to have this done with sendmail, or maybe prefer a
    dedicated milter?
    What to do with the private keys, one for each domain? Is it easy to
    store these with the rest in LDAP, or better just on the filesystem?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From None@21:1/5 to All on Wed Feb 1 15:37:11 2023
    > hence you need a milter...
    > Problem: a milter is on the "incoming" side and if you are doing
    > certain kinds of mail rewriting in sendmail, the DKIM signature
    > might break...
    > "Generic" solution for that case:
    > local mail -> sendmail-with-rewriting ->
    > sendmail+dkim-signing-milter -> out



    I guess it then also does not make sense to retrieve the private key
    from ldap in sendmail and parse it via a macro to the milter?
    This would be nice because I could use the already existing ldap
    configuration / connection.

  • From Claus Aßmann@21:1/5 to None on Wed Feb 1 09:18:48 2023
    None wrote:

    > I was wondering what is best practice to enable/add dkim on outgoing
    > mail. Is it common to have this done with sendmail or maybe prefer a

    sendmail doesn't do DKIM signing.

    > dedicated milter.

    hence you need a milter...
    Problem: a milter is on the "incoming" side and if you are doing
    certain kinds of mail rewriting in sendmail, the DKIM signature
    might break...
    "Generic" solution for that case:
    local mail -> sendmail-with-rewriting ->
    sendmail+dkim-signing-milter -> out


    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

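
Why the signing milter has to sit on the last sendmail hop, as an added example that is not part of the thread: it recomputes the header digest a DKIM signature covers (RFC 6376 "relaxed" canonicalization) for a message signed before and after a rewrite. The message, the addresses and the `rewrite` stand-in for sendmail's rewriting are constructed for illustration; no RSA signing is done, only the digests are compared.

```python
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse runs, trim the ends
    return f"{name.strip().lower()}:{value}\r\n".encode()

def signed_digest(headers, signed):
    """SHA-256 over the canonicalized headers listed in h=, in that order.

    A real signer also appends its own DKIM-Signature header (with b= empty)
    before signing; it is left out because it is the same in every run here.
    """
    digest = hashlib.sha256()
    for wanted in signed:
        for name, value in reversed(headers):          # DKIM selects bottom-up
            if name.lower() == wanted:
                digest.update(relaxed_header(name, value))
                break
    return digest.hexdigest()

# Constructed sample message; all addresses are placeholders.
SIGNED = ["from", "to", "subject"]
MESSAGE = [
    ("From", "Alice <alice@ws12.example.com>"),
    ("To", "bob@example.net"),
    ("Subject", "Quarterly   report"),
]

def rewrite(headers):
    """Hypothetical stand-in for sendmail rewriting: hide the workstation name."""
    return [(n, v.replace("@ws12.example.com", "@example.com") if n == "From" else v)
            for n, v in headers]

def verifies(sign_after_rewrite):
    """Does the digest the milter signed match what the receiver recomputes?"""
    on_the_wire = rewrite(MESSAGE)
    seen_by_milter = on_the_wire if sign_after_rewrite else MESSAGE
    return signed_digest(seen_by_milter, SIGNED) == signed_digest(on_the_wire, SIGNED)

def refolded_subject_still_matches():
    """Relaxed canonicalization absorbs whitespace-only changes such as refolding."""
    refolded = MESSAGE[:2] + [("Subject", "Quarterly\r\n report")]
    return signed_digest(MESSAGE, SIGNED) == signed_digest(refolded, SIGNED)

if __name__ == "__main__":
    print("milter signs before rewrite:", verifies(False))
    print("milter signs after rewrite: ", verifies(True))
    print("whitespace-only refold:     ", refolded_subject_still_matches())
```

A rewritten address changes the signed bytes and the receiver's check fails, while a whitespace-only refold does not, which is why only content-changing rewrites need to happen before the signing hop.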
  • From J.O. Aho@21:1/5 to None on Wed Feb 1 15:20:02 2023
    On 01/02/2023 14:48, None wrote:

    > I was wondering what is best practice to enable/add dkim on outgoing
    > mail. Is it common to have this done with sendmail or maybe prefer a dedicated milter.
    > What to do with the private keys, one for each domain. Is it easy to
    > store this with rest in ldap, or better just on the filesystem.

    I used opendkim, connection configured with INPUT_MAIL_FILTER in the mc
    file.

    There should be some ldap option to build opendkim, not used that myself
    so I can't say anything more about it.

    Another alternative that gives you loads more is rspamd, this one I have
    only used with a postfix setup.


    --

    //Aho
