Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
View Bug Activity | Format For Printing | XML | Clone This Bug
With added support in Postfix 2.3 for a milter protocol, it became possible to use with Postfix many of existing milters (mail filters) that were originally developed with sendmail in mind. Two popular ones are dkim-milter offering support for DomainKeys Identified Mail (DKIM) Signatures, and dk-milter, offering support for Domain-based Email Authentication (DomainKeys). Gentoo has an ebuild for dk-milter but not for the (more advanced?) dkim-milter.
Created an attachment (id=104854) [edit] ebuild for dkim-milter-0.5.2
Created an attachment (id=104855) [edit] generic conf.d file to be placed under files directory for the dkim-milter ebuild
Created an attachment (id=104856) [edit] generic init.d file to be placed under files directory for the dkim-milter ebuild
Created an attachment (id=104857) [edit] helps the user create keys. taken from dk-milter ebuild. place under files dir as wel
Created an attachment (id=104859) [edit] patch file for dkim-milter/Makefile.m4
Created an attachment (id=104860) [edit] patch file for libdkim/Makefile.m4
Created an attachment (id=104861) [edit] patch file for libdkim/Makefile.m4
(In reply to comment #7) > Created an attachment (id=104861) [edit] > patch file for libdkim/Makefile.m4 Sorry for the duplicate file. Anyway that is all the files needed for the ebuild.
Are the Domainkeys and DKIM keys the same? I'm asking since you included the key generator from dk-milter. also it would be good the change the bug summary to "mail-filter/dkim-milter ebuild" or something like that.
(In reply to comment #9) > Are the Domainkeys and DKIM keys the same? I'm asking since you included the > key generator from dk-milter. The key specs are the same AFAIK. I don't see any reason why one would want to use different keys for dk-milter and dkim-milter. It would result in an extra DNS lookup on the receiving side. gentxt.sh is just a shell script to generate the keys. Run it twice with different $selector values if you want to use different keys for dk-milter and dkim-milter. > also it would be good the change the bug summary to "mail-filter/dkim-milter > ebuild" or something like that. Done.
can you get the dkim-filter to sign and verify ? i have setup domainkey and only domainkeys signs here even dkim have -b sv there is a 0.6.0 now if that matters with my problem, nice you maked the hardwork on initial ebuild here, let make it stable together
(In reply to comment #11) > can you get the dkim-filter to sign and verify ? You can use dkim-milter to sign and verify DKIM signatures. If you cannot, check your mail flow and mta settings. If on the other hand, you want to use dkim-milter to verify domainkeys signatures, you need to copy libdk directory (from dk-milter) and change a few config files. In other words, it is possible but I didn't bother with it because I ran into problems with dk-milter on amd64. Another mail server with x86 arch is signing the domainkeys signatures for us. You can also use dev-perl/Mail-DKIM to verify domainkeys signatures if you are using spamassassin. > i have setup domainkey and only domainkeys signs here even dkim have -b sv > there is a 0.6.0 now if that matters with my problem, nice you maked the > hardwork on initial ebuild here, let make it stable together Attached is the ebuild I use for dkim-milter-0.7.1
Created an attachment (id=119194) [edit] ebuild for dkim-milter 0.7.1
Created an attachment (id=119196) [edit] /etc/conf.d/dkim-filter file
Created an attachment (id=119198) [edit] /etc/init.d/dkim-filter file
Created an attachment (id=119202) [edit] config file for gentoo
Instead of passing MANROOT=/usr/share/man/man to make during src_install, consider setting confMANROOT in the site config file - see http://www.erikberg.com/notes/dkimsiteconfigm4.html for an example of this.
(In reply to comment #17) > Instead of passing MANROOT=/usr/share/man/man to make during src_install, > consider setting confMANROOT in the site config file - see > http://www.erikberg.com/notes/dkimsiteconfigm4.html for an example of this. Right. See the attached files and thanks for the comment.
Created an attachment (id=121684) [edit] dkim-milter-1.0.0.ebuild
Created an attachment (id=121685) [edit] files/site.config.m4 file
I think the configuration directory should be set to dkim-filter. If anyone is using dk-filter they can use a symbolic link.
(In reply to comment #21) > I think the configuration directory should be set to dkim-filter. If anyone is > using dk-filter they can use a symbolic link. Well, it's up to the devs really but I agree now that dkim-milter looks like the way to go rather than dk-milter. Trivial change. Will upload the files.
Created an attachment (id=121726) [edit] dkim-milter-1.0.0.ebuild
Created an attachment (id=121727) [edit] files/dkim-filter.conf
Created an attachment (id=121728) [edit] files/dkim-filter.init
Also please check http://bugs.gentoo.org/show_bug.cgi?id=178501 for an updated libmilter ebuild with possible poll() support.
Works for me(tm) on amd64.
Created an attachment (id=124532) [edit] version bump
Created an attachment (id=124534) [edit] site.config.m4 version bump
Created an attachment (id=126618) [edit] dkim-milter-2.0.0.ebuild
Created an attachment (id=126619) [edit] site.config.m4 for version 2.0.0
many thanks Eray, Added with a couple of changes. please tell me if you disagree with any. thoughts - given it could be an incoming only service there is really no need to enforce a key creation in the init script?
enjoy
(In reply to comment #32) > many thanks Eray, > Added with a couple of changes. please tell me if you disagree with any. Thanks for the commit. Version 2.3.0 is out by the way. > thoughts - given it could be an incoming only service there is really no need > to enforce a key creation in the init script? Perhaps you can make key creation optional with a local USE flag? Anyway, I think either way is fine.
> Thanks for the commit. Version 2.3.0 is out by the way. k added. must have justed missed that release. > > > thoughts - given it could be an incoming only service there is really no need > > to enforce a key creation in the init script? > > Perhaps you can make key creation optional with a local USE flag? Anyway, I > think either way is fine. My preference would be an init script that does a warning (disabled with a conf.d option) when validating only. Haven't had the effort to implement this of course.
(In reply to comment #35) > > Perhaps you can make key creation optional with a local USE flag? Anyway, I > > think either way is fine. > My preference would be an init script that does a warning (disabled with a > conf.d option) when validating only. I am not sure if I understand you correctly but attached (lighly tested) dkim-filter.init and dkim-filter.conf files will not refuse to start with key file missing error if dkim-milter is in verify only mode. You will have to comment out the line that forces key generation for all users in the dkim ebuild. Hence key generation will be optional and will be left to the sysadmin. Please comment if this was not what you were asking.
Created an attachment (id=132961) [edit] dkim-filter.conf
Created an attachment (id=132962) [edit] dkim-filter.init
