commit - 365862b1aca901a83b87bede4b5a8cb4a8fdd5fc
commit + e7076cef86ccd15d68dbaa2fc3c76976f34cd3bf
blob - f6d059cc8c3a271f9788d24df1b937fae571f378
blob + f20a0b16810cd2d9d16b9aae503ebcde39f284f4
--- filter-dkim.1
+++ filter-dkim.1
@@ -25,6 +25,7 @@
 .Op Fl a Ar algorithm
 .Op Fl c Ar canonicalization
 .Op Fl h Ar headers
+.Op Fl t
 .Fl d Ar domain
 .Fl k Ar file
 .Fl s Ar selector
@@ -59,6 +60,8 @@ should point to a file containing the RSA private key 
 The selector within the _domainkey subdomain of
 .Ar domain
 where the public key can be found.
+.It Fl t
+Add the time of signing to the dkim header.
 .El
 .Sh SEE ALSO
 .Xr smtpd 8
blob - 2f830049280838b6e1a1a5aa4302bc079e1f51f2
blob + f937ced559e717719dad86ab9c0ffd92400ed283
--- main.c
+++ main.c
@@ -90,6 +90,8 @@ static char *cryptalg = "rsa";
 static int canonheader = CANON_SIMPLE;
 static int canonbody = CANON_SIMPLE;
 
+static int addtime = 0;
+
 static char *domain = NULL;
 static char *selector = NULL;
 
@@ -127,7 +129,7 @@ main(int argc, char *argv[])
 	int debug = 0;
 	FILE *keyfile;
 
-	while ((ch = getopt(argc, argv, "a:c:Dd:h:k:s:")) != -1) {
+	while ((ch = getopt(argc, argv, "a:c:Dd:h:k:s:t")) != -1) {
 		switch (ch) {
 		case 'a':
 			if (strncmp(optarg, "rsa-", 4) != 0)
@@ -174,6 +176,9 @@ main(int argc, char *argv[])
 		case 's':
 			selector = optarg;
 			break;
+		case 't':
+			addtime = 1;
+			break;
 		case 'D':
 			debug = 1;
 			break;
@@ -556,6 +561,9 @@ dkim_sign(struct dkim_session *session)
 	char *tmp, *tmp2;
 	char tmpchar;
 
+	if (addtime && !dkim_signature_printf(session, "t=%lld; ",
+	    (long long) time(NULL)))
+		return;
 	if (canonbody == CANON_SIMPLE && !session->has_body) {
 		if (EVP_DigestUpdate(session->bh, "\r\n", 2) <= 0) {
 			dkim_err(session, "Can't update hash context");