best practice adding DKIM to outgoing email

<trdqjq$c394$1@dont-email.me>

From: hzcnjkx656@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: best practice adding DKIM to outgoing email
Date: Wed, 1 Feb 2023 14:48:42 +0100
Organization: A noiseless patient Spider
 by: None - Wed, 1 Feb 2023 13:48 UTC

I was wondering what is best practice to enable/add dkim on outgoing
mail. Is it common to have this done with sendmail or maybe prefer a
dedicated milter?
What to do with the private keys, one for each domain? Is it easy to
store this with rest in ldap, or better just on the filesystem?

Re: best practice adding DKIM to outgoing email

<trdsc8$rgg$1@news.misty.com>

From: INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: best practice adding DKIM to outgoing email
Date: Wed, 1 Feb 2023 09:18:48 -0500 (EST)
Organization: MGT Consulting
 by: Claus Aßmann - Wed, 1 Feb 2023 14:18 UTC

None wrote:

> I was wondering what is best practice to enable/add dkim on outgoing
> mail. Is it common to have this done with sendmail or maybe prefer a

sendmail doesn't do DKIM signing.

> dedicated milter?

hence you need a milter...
Problem: a milter is on the "incoming" side and if you are doing
certain kinds of mail rewriting in sendmail, the DKIM signature
might break...
"Generic" solution for that case:
local mail -> sendmail-with-rewriting ->
sendmail+dkim-signing-milter -> out

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
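
Why a rewrite applied after the milter has seen the message breaks the signature, as an added example that is not part of the original posts: it applies RFC 6376 "relaxed" header canonicalization to constructed headers and compares the digest before and after two changes. The masquerading rewrite, the signed-header list and the addresses are assumptions; the body hash and the RSA signing step are left out.

```python
import hashlib
import re

SIGNED = ("from", "to", "subject")  # constructed h= list (assumption)

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")  # collapse and trim whitespace
    return f"{name.strip().lower()}:{value}\r\n"

def header_digest(headers):
    """SHA-256 over the canonicalized signed headers (stand-in for the signed data)."""
    h = hashlib.sha256()
    for wanted in SIGNED:
        for name, value in headers:
            if name.strip().lower() == wanted:
                h.update(relaxed_header(name, value).encode())
    return h.hexdigest()

def masquerade(headers, old_domain, new_domain):
    """Hypothetical address rewrite done by the MTA after the milter ran."""
    return [(n, v.replace("@" + old_domain, "@" + new_domain)
             if n.lower() == "from" else v) for n, v in headers]

def refold(headers):
    """Harmless change: upper-case field names and re-folded whitespace."""
    return [(n.upper(), v.replace(" ", "\r\n\t", 1)) for n, v in headers]

# Constructed sample headers, as the signing milter would see them.
SEEN_BY_MILTER = [
    ("From", "Alice <alice@host1.example.com>"),
    ("To", "bob@example.org"),
    ("Subject", "Quarterly report"),
]

def survives(transform):
    """True if the digest the milter signed still matches what leaves the MTA."""
    return header_digest(SEEN_BY_MILTER) == header_digest(transform(SEEN_BY_MILTER))

if __name__ == "__main__":
    rewrite = lambda h: masquerade(h, "host1.example.com", "example.com")
    print("refolded only:", survives(refold))
    print("masqueraded  :", survives(rewrite))
```

Relaxed canonicalization absorbs case and folding changes, but any rewrite of a signed header's content after signing invalidates the signature, which is why the signing milter belongs on the last hop.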

Re: best practice adding DKIM to outgoing email

<k3vaoiF1ne9U1@mid.individual.net>

From: user@example.net (J.O. Aho)
Newsgroups: comp.mail.sendmail
Subject: Re: best practice adding DKIM to outgoing email
Date: Wed, 1 Feb 2023 15:20:02 +0100
 by: J.O. Aho - Wed, 1 Feb 2023 14:20 UTC

On 01/02/2023 14:48, None wrote:
>
> I was wondering what is best practice to enable/add dkim on outgoing
> mail. Is it common to have this done with sendmail or maybe prefer a
> dedicated milter?
> What to do with the private keys, one for each domain? Is it easy to
> store this with rest in ldap, or better just on the filesystem?

I used opendkim, connection configured with INPUT_MAIL_FILTER in the mc
file.

There should be some ldap option to build opendkim, not used that myself
so I can't say anything more about it.

Another alternative that gives you loads more is rspamd, this one I have
only used with a postfix setup.

--

//Aho

Re: best practice adding DKIM to outgoing email

<trdteo$cjf4$1@dont-email.me>

From: hzcnjkx656@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: Re: best practice adding DKIM to outgoing email
Date: Wed, 1 Feb 2023 15:37:11 +0100
Organization: A noiseless patient Spider
 by: None - Wed, 1 Feb 2023 14:37 UTC

> hence you need a milter...
> Problem: a milter is on the "incoming" side and if you are doing
> certain kinds of mail rewriting in sendmail, the DKIM signature
> might break...
> "Generic" solution for that case:
> local mail -> sendmail-with-rewriting ->
> sendmail+dkim-signing-milter -> out
>
>

I guess it then also does not make sense to retrieve the private key
from ldap in sendmail and parse it via a macro to the milter?
This would be nice because I could use the already existing ldap
configuration / connection.
