1 .\"	$OpenBSD$
2 .\"
3 .\" Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org>
4 .\"
5 .\" Permission to use, copy, modify, and distribute this software for any
6 .\" purpose with or without fee is hereby granted, provided that the above
7 .\" copyright notice and this permission notice appear in all copies.
8 .\"
9 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 .\"
17 .Dd $Mdocdate$
18 .Dt FILTER-DKIMSIGN 8
19 .Os
20 .Sh NAME
21 .Nm filter-dkimsign
22 .Nd add dkim signature to messages
23 .Sh SYNOPSIS
24 .Nm
25 .Op Fl tz
26 .Op Fl a Ar algorithm
27 .Op Fl c Ar canonicalization
28 .Op Fl h Ar headers
29 .Op Fl x Ar seconds
30 .Fl d Ar domain
31 .Fl k Ar file
32 .Fl s Ar selector
33 .Sh DESCRIPTION
34 .Nm
35 adds a dkim signature to the message.
36 The following flags are supported:
37 .Bl -tag -width Ds
38 .It Fl a Ar algorithm
39 The
40 .Ar algorithm
41 to use.
42 Supported signing algorithms are
43 .Em rsa
44 and
45 .Em ed25519 Pq when enabled at compile time .
46 Only sha256 should be used for hashing, since other algorithms are most likely
47 not supported by verifiers.
48 Defaults to
49 .Cm rsa-sha256 .
50 .It Fl c Ar canonicalization
51 The canonicalization algorithm used to sign the message.
52 Defaults to
53 .Em simple/simple .
54 .It Fl d Ar domain
55 The
56 .Ar domain
57 where the public key can be found.
58 This option can be specified multiple times to select the best
59 .Ar domain
60 during signing.
61 If specified multiple times it looks at the domain component of the first
62 mailbox in the from-header and tries to find a match.
63 If no exact match can be found it looks for the closest parent
64 .Ar domain .
65 If no matches can be the first
66 .Ar domain
67 specified will be used.
68 .It Fl h Ar headers
69 The email headers which are included in the mail signature.
70 Per RFC this option requires at least the from header to be included.
71 The headers are specified by separating them with a colon.
72 The default is
73 .Em from:reply-to:subject:date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to:references:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive .
74 .It Fl k Ar file
75 .Ar file
76 should point to a file containing the RSA private key to sign the messages.
77 .It Fl s Ar selector
78 The selector within the _domainkey subdomain of
79 .Ar domain
80 where the public key can be found.
81 .It Fl t
82 Add the time of signing to the dkim header.
83 .It Fl x Ar seconds
84 Add the amount of
85 .Ar seconds
86 the signature is valid to the dkim header.
87 .It Fl z
88 Add the mail headers used in the dkim signature to the dkim header.
89 If a second
90 .Fl z
91 is specified all headers will be included in the dkim header.
92 Useful for debugging purposes.
93 .El
94 .Sh SEE ALSO
95 .Xr smtpd 8
96 .Sh STANDARDS
97 .Rs
98 .%A D. Crocker, Ed.
99 .%Q Brandenburg InternetWorking
100 .%A T. Hansen, Ed.
101 .%Q AT&T Laboratories
102 .%A M. Kucherawy, Ed.
103 .%Q Cloudmark
104 .%D September 2011
105 .%R RFC 6376
106 .%T DomainKeys Identified Mail (DKIM) Signatures
107 .Re
108 .Pp
109 .Rs
110 .%A J. Levine
111 .%Q Taughannock Networks
112 .%D September 2018
113 .%R RFC 8463
114 .%T A New Cryptographic Signature Method for DomainKeys Identified Mail
115 .Re
116 .Sh AUTHORS
117 .An Martijn van Duren Aq Mt martijn@openbsd.org