1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.DEV

  • DKIM for Debian Developers

    From Adam D. Barratt@21:1/5 to All on Mon Apr 13 14:50:02 2020
    Hi,

    There's been a lot of discussion in various forums recently about mail authentication for @debian.org addresses. As an initial step in that
    direction, I'm pleased to announce that the db.debian.org mail gateway
    now allows DDs to configure DKIM keys [http://www.dkim.org/] for their
    account, using the "dkimPubKey" command.

    The command format to use to set keys is:

    dkimPubKey: <selectorname> <base64-encoded key>

    where the selector name must end with ".your_uid.user"

    As an example, to configure a key for the DKIM selector
    "debian1.adsb.user", I might send:

    dkimPubKey: debian1.adsb.user MIIBIjANBgkqhkiG9w0BAQ...

    to change@db.debian.org. This will result in a TXT record for debian1.adsb.user._domainkey.debian.org. (i.e. a selector of "debian1.adsb.user")

    Multiple selectors can be added for a user by sending multiple
    "dkimPubKey" commands. Similarly to the existing SSH key functionality,
    any existing keys will be removed when adding new ones, so all required
    keys must be provided in the same mail.

    Some related resources which might be useful for configuring DKIM
    signing using popular MTAs:

    - https://exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_and_dmarc.html#SECDKIMSIGN
    - https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
    - http://opendkim.org/opendkim-README

    As ever, please let us know if you have any comments on or issues with
    the new functionality.

    Regards,

    Adam
    for DSA

    -----BEGIN PGP SIGNATURE-----

    iQJNBAABCAA3FiEEcgNjDiyOcnJRaE/rxc5dwsVCzVkFAl6UXWUZHGFkYW1AYWRh bS1iYXJyYXR0Lm9yZy51awAKCRDFzl3CxULNWSrZD/4suvHseKVHS6xfLFuCcfA0 oognHTe5pu8AHQECI2uxYoJRdVv7w8ulsk9kjNXJf15UR/zXRqr8cu+CLc3JBHi6 8Tv5wnyfubMPThio+DET9uxiwjMb/sKTpHAeFzOcwoRTYofd9qWPgJUp/l6bUvml YWK9bH6HxAuga90H8ErCSX9Pxkqhnc7oe/gnY0FyelA+/o8vqDp8s1nwgiW+s7db kX+wbTFlwswlhOYRUpbFTDFPTkhP7SGDlqe1alyMJxHnMNwFRFLsLOIp6mnr5HEj P6ZPH7Am39un+GHqsX0P/ovvI7+fapmECSBQmSuRn0bQ0/83mVK/5JaIbgeG+vtN yKfrmYvQcHAgH2URuJAn69I7+kRb2enFbX3eKE2hzxAAheR7fZr23H9g4kdgC2Og 9ogUG0+4qxNNAqnvDUvn8EDNTE3LrWjYOkzYxpcVEev7FQF17AwKXzDTkETmDXPS b4IcRwiRUr7Qvx4rC2SNiw9U3H7oU4R0CaEgermjHYyi/vzE3hPNaVNgcQMDGirG MXHMZgktj+HUEOxg8m/FQKn4jw2RNGmfQjHMAjrt1H0w4FyLRYrjqjIcGMUvxUaZ Fv8U31dh+ojDBFzrZ0Ssn5ZNg1cVRNR1cgiu+CdBDpHgPaVOQ4aCZK4j37rPyCdy XfZT6awE0+RowcJWx6PIfQ==
    =WuQh
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)