ref: e7815d279aa18ec5cc997e79e0b7b551abcba917
dir: /changeblog/1740150466.txt/

Mail Server DKIM

Some mail providers want it, others demand it: DKIM.

Upas is quite an old mail system, but it ‥has‥ dkim support.
However, documentation for upas in general is rare, so I'll try to note down how to sign your outgoing mail in a 9front mail system.
This post is not only for you, but also for me in five years.

### Theory: DKIM on Plan 9

Upas is distributed with an additional tool ‥‥‥upas/dkim‥‥‥, which we will use here.
The tool expects the private key in factotum.
How you get the key into the factotum is up to you as it depends on various factors.
I'll just show you which key to generate and how to use it.

DKIM uses your domain and a specific ‥selector‥ as an identifier.
While it is pretty clear what the domain is, the selector is just a name for a specific key.
It is possible to have multiple DKIM keys, and this is sometimes needed when rotating your keys.

Everything else is just calling ‥‥‥dkim‥‥‥ in your ‥‥‥remotemail‥‥‥.

### Implementation

To generate keys, run the following commands:

[[[ms
.P1
auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=example.com'
  > dkimprivatekey
auth/rsa2asn1 -f spki dkimprivatekey | auth/pemencode DKIM >dkimpubkey
.P2
]]]
[[[ebook
<code><pre>
auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=example.com'
  > dkimprivatekey
auth/rsa2asn1 -f spki dkimprivatekey | auth/pemencode DKIM >dkimpubkey
</pre></code>
]]]

This will generate the private key you should feed into the factotum, as well as a public key file in PEM format.

We don't need the PEM format specifically, but it's an easy way to create a Base64 encoded version of the public key, which is what we need.
Just ignore the PEM framing (the BEGIN and END lines) and only copy the Base64 key itself to the DNS entry.

The DNS entry must be a TXT entry named ‥‥‥SELECTOR._domainkey.example.com‥‥‥ with the content: ‥‥‥v=DKIM1; k=rsa; p=YOURPUBLICKEY‥‥‥.

This DNS entry will be used by the receiving servers to verify your mail.
Keep note of the ‥SELECTOR‥ as it is the name of this specific key, and you'll use it to tell the receiving server which key you used for signing.
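The following is an added example and not code from this post or from 9front/upas: a small Python helper that turns the PEM file written by ‥‥‥auth/pemencode‥‥‥ into the TXT record value shown above, and checks a record the way a receiving verifier would look at it (version tag, key type, Base64 SPKI, modulus size). The PEM label ‥‥‥DKIM‥‥‥, the minimum key size and the helper names are assumptions; the sample modulus is a constructed number, not a real key.

```python
"""Build and sanity-check a DKIM DNS TXT record from a PEM public key (added example)."""
import base64
import re

# --- minimal DER helpers, enough for an RSA SubjectPublicKeyInfo ---

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _der_int(v):
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:           # keep the INTEGER positive
        body = b"\x00" + body
    return _tlv(0x02, body)

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def rsa_spki_der(n, e):
    """SubjectPublicKeyInfo for an RSA key (same shape as auth/rsa2asn1 -f spki)."""
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + b"\x05\x00")
    pub = _tlv(0x30, _der_int(n) + _der_int(e))
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + pub))

def _read_tlv(buf, pos):
    tag = buf[pos]; pos += 1
    ln = buf[pos]; pos += 1
    if ln & 0x80:
        k = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + k], "big"); pos += k
    return tag, buf[pos:pos + ln], pos + ln

def parse_rsa_spki(der):
    """Return (modulus_bits, exponent); raise ValueError if this is not an RSA SPKI."""
    tag, outer, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    _, alg, pos = _read_tlv(outer, 0)
    _, oid, _ = _read_tlv(alg, 0)
    if oid != RSA_OID:
        raise ValueError("algorithm is not rsaEncryption")
    tag, bits, _ = _read_tlv(outer, pos)
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("BIT STRING missing or has unused bits")
    _, rsapub, _ = _read_tlv(bits, 1)
    _, nb, pos = _read_tlv(rsapub, 0)
    _, eb, _ = _read_tlv(rsapub, pos)
    return int.from_bytes(nb, "big").bit_length(), int.from_bytes(eb, "big")

# --- PEM <-> DKIM record ---

def pem_encode(der, label="DKIM"):
    """PEM armor with a caller-chosen label (assumed to match 'auth/pemencode DKIM')."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

def pem_to_dkim_record(pem):
    """Drop the BEGIN/END lines, join the Base64, and build 'v=DKIM1; k=rsa; p=...'."""
    b64 = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    return f"v=DKIM1; k=rsa; p={b64}"

def parse_dkim_record(txt):
    """Parse the tag=value list; whitespace inside values is ignored (RFC 6376, 3.6.1)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def check_dkim_record(txt, min_bits=1024):
    """Return (ok, reason) for a key record as a receiving verifier would judge it."""
    tags = parse_dkim_record(txt)
    if "v" in tags and tags["v"] != "DKIM1":
        return False, "bad v= tag (must be DKIM1 when present)"
    if tags.get("k", "rsa") != "rsa":
        return False, "unsupported key type " + tags["k"]
    if "p" not in tags:
        return False, "missing p= tag"
    if tags["p"] == "":
        return False, "empty p= means the key is revoked"
    try:
        bits, e = parse_rsa_spki(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError) as exc:
        return False, f"p= is not a Base64 RSA SubjectPublicKeyInfo ({exc})"
    if bits < min_bits:
        return False, f"key too short: {bits} bits"
    return True, f"ok: rsa {bits}-bit key, e={e}"

def split_txt_strings(record, limit=255):
    """A single TXT string is at most 255 bytes; longer records are published as several."""
    return [record[i:i + limit] for i in range(0, len(record), limit)]

def join_txt_strings(strings):
    """What the verifier does with the pieces: concatenate them without separators."""
    return "".join(strings)

# Constructed sample: a 2048-bit odd number standing in for a modulus, not a real key.
SAMPLE_PEM = pem_encode(rsa_spki_der((1 << 2047) | 1, 65537))
SAMPLE_RECORD = pem_to_dkim_record(SAMPLE_PEM)

if __name__ == "__main__":
    print(check_dkim_record(SAMPLE_RECORD))
    for s in split_txt_strings(SAMPLE_RECORD):
        print(f'"{s}"')
```

The split helper is there because a 2048-bit key gives a ‥‥‥p=‥‥‥ value of roughly 390 characters, so the whole record is longer than the 255-byte limit of a single TXT string; many DNS front ends split it for you, but when writing a zone file by hand you publish it as several quoted strings in one record, which verifiers concatenate.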

To sign your mails, open your ‥‥‥/mail/lib/remotemail‥‥‥ file and edit the call to ‥‥‥smtp‥‥‥ with something similar to this:

[[[ms
.P1
/bin/upas/smtp -f -C -s -h $fd $addr $sender $*
   | /bin/upas/dkim -s SELECTOR -d example.com
   | /bin/upas/smtp -C -s -h $fd $addr $sender $*
.P2
]]]
[[[ebook
<code><pre>
/bin/upas/smtp -f -C -s -h $fd $addr $sender $*
   | /bin/upas/dkim -s SELECTOR -d example.com
   | /bin/upas/smtp -C -s -h $fd $addr $sender $*
</pre></code>
]]]

As you can see, your mail is processed by two calls to ‥‥‥smtp‥‥‥, with a call to ‥‥‥dkim‥‥‥ in between.
The first call doesn't ‥send‥ the mail, it only processes it (the ‥‥‥-f‥‥‥ flag) to add additional headers.

The call to ‥‥‥dkim‥‥‥ then processes the headers and adds the DKIM signature header to your mail.

Last, the second call to ‥‥‥smtp‥‥‥ finally sends the processed mail to the receiving server.

Comment:
[[[ms
.CW https://pleroma.envs.net/notice/ArLe4cGFkHavYUj4lM
]]]
[[[ebook
<a href="https://pleroma.envs.net/notice/ArLe4cGFkHavYUj4lM">Fediverse Post</a>
]]]