DOKK / manpages / debian 12 / opensmtpd-filter-dkimsign / filter-dkimsign.8.en
FILTER-DKIMSIGN(8) System Manager's Manual FILTER-DKIMSIGN(8)

filter-dkimsign - add dkim signature to messages

filter-dkimsign [-tz] [-a algorithm] [-c canonicalization] [-h headers] [-x seconds] -d domain -k file -s selector

filter-dkimsign adds a dkim signature to the message. The following flags are supported:

The algorithm to use. Supported signing algorithms are rsa and ed25519 (when enabled at compile time). Only sha256 should be used for hashing, since other algorithms are most likely not supported by verifiers. Defaults to rsa-sha256.
The canonicalization algorithm used to sign the message. Defaults to simple/simple.
The domain where the public key can be found. This option can be specified multiple times to select the best domain during signing. If specified multiple times it looks at the domain component of the first mailbox in the from-header and tries to find a match. If no exact match can be found it looks for the closest parent domain. If no matches can be the first domain specified will be used.
The email headers which are included in the mail signature. Per RFC this option requires at least the from header to be included. The headers are specified by separating them with a colon. The default is from:reply-to:subject:date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to:references:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive.
file should point to a file containing the RSA private key to sign the messages.
The selector within the _domainkey subdomain of domain where the public key can be found.
Add the time of signing to the dkim header.
Add the amount of seconds the signature is valid to the dkim header.
Add the mail headers used in the dkim signature to the dkim header. If a second -z is specified all headers will be included in the dkim header. Useful for debugging purposes.

smtpd(8)

D. Crocker, Ed., T. Hansen, Ed., and M. Kucherawy, Ed., DomainKeys Identified Mail (DKIM) Signatures, RFC 6376, Brandenburg InternetWorking, AT&T Laboratories, and Cloudmark, September 2011.

J. Levine, A New Cryptographic Signature Method for DomainKeys Identified Mail, RFC 8463, Taughannock Networks, September 2018.

Martijn van Duren <martijn@openbsd.org>

August 25, 2022 Debian