Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/driusan/dkim

Pure Go tools for managing DKIM headers
https://github.com/driusan/dkim

dkim go mail plan9

Last synced: 3 months ago
JSON representation

Pure Go tools for managing DKIM headers

Awesome Lists containing this project

README 

          
# driusan's DKIM tools



This is a collection of pure Go tools I've written to DKIM sign

messages and verify them on my 9front mail server.  They should be

fairly easy to incorporate into any pipeline that can pass messages

along stdin and read them from stdout.



## Verifying DKIM Signatures



The tool `dkimverify` will verify that a message has a valid

signature.



It can either read a message from stdin, or have (optionally many)

filenames passed as arguments.  If all messages have valid signatures,

it will exit with a success status, otherwise it will exit with an

exit code of the number of messages that failed validation.  For each

one, it will print the reason for the failure to stderr.



The `-hd` parameter takes a string argument and instead of printing to

stderr, will print an SMTP header of that name with a value of "Pass"

or "Fail" to stdout.  Temporary failures or no DKIM signature present

in a message will print nothing.  `-hdprefix` or `hdsuffix` can be

used to add a prefix or suffix to the header value.



The dkimverify tool can be used without any special configuration.



## Signing DKIM Signatures



Signing is slightly more complicated by necessity.  The tool

`dkimkeygen` will create 2 files in the directory it's run in:

`dns.txt` and `private.pem`.  The contents of the dns.txt need to be

added to your domain's DNS as a TXT record at

`selector._domainkey.example.com` so that the DKIM signatures added by

`dkimsign` can be validated.  (the "selector" part can be anything you

want, but needs to match what's passed to `dkimsign`) `private.pem` is

the corresponding private key.



`dkimsign` reads a message from stdin and writes a signed version of

that message to stdout according to the parameters passed.  The

incoming message can have any line ending, but they'll be converted to

"\r\n" line endings on output (unless `-n` is passed, in which case

they'll be printed as "\n").  If "-hd" is passed to `dkimsign`, the

header will be printed to stdout but not the message body.  The `-key`

parameter is the private key and should be the path to the

`private.pem` generated by dkimkeygen.  `-s` is the selector and

should match the selector part of the domain name.  `-d` is the domain

name.



### Example (Plan 9)



The following is an example `/mail/lib/remotemail` that should add

valid DKIM Signatures on a Plan 9 server.  Note that since it requires

the sender to have access to private.pem it should probably only be

used in a single-user environment.



```

#!/bin/rc

shift

sender=$1

shift

addr=$1

shift



# The first smtp with -f causes SMTP to add any headers it wants and

# fully qualify the addresses, printing to stdout instead of sending.

# dkimsign signs From, Date, Subject, and To headers (and the body)

# with relaxed encoding (the default).  It prints the signed message

# to stdout with \n line endings ("-n") and undoes the dot-stuffing

# added by smtp -f ("-u") both for generating the signature and for

# printing it.  It uses the selector 19700101._domainkey.example.com and

# signs using the private key at /sys/lib/dkim/private.pem (which

# should correspond to the selector)

# The second smtp (without -f) then sends the mail for real.

exec /bin/upas/smtp -f -h example.com .example.com $addr $sender $* | /bin/dkimsign -h From:Date:Subject:To -u -s 19700101 -n -d example.com -key /sys/lib/dkim/private.pem | /bin/upas/smtp -s -h example.com .example.com $addr $sender $*

```