Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[courier-users] DKIM headers

0 views
Skip to first unread message

Jérôme Blion

unread,
Dec 3, 2009, 6:47:55 PM12/3/09
to
Hello,

I used few months ago a perlfilter to implement DKIM on a courier
server. But I had some crashes with it.
So... I rewrote it :-) for pythonfilter...

How to install it:
- you need to install pydkim (beware of dependencies with net.resolver
provided by python-adns)
- generate your keys (for this, you can use
http://www.topdog-software.com/files/dkim-genkey.sh ). Beware of the
owner / rights of files generated
- modify your DNS...
- In /etc/pythonfilter.conf, add following lines AFTER antispam filters:

# dkim: sign message using DKIM signature
#
dkim_sign

- In /etc/pythonfilter-modules.conf, add following lines:

[dkim_sign.py]
selector = 'dkim'
privkey = '/home/dkim/dkim.private'

- Install the script attached. It's a little bit ugly (pydkim can't
handle Messages objects, so I open the body file as a "simple" string...)

Several things I have in mind:
- one private key per domain. So, we could enable DKIM only for domains
we want instead of allowing it for every domain we "host". Privkey would
become privkeydir, dkim.private would become domain.private for each
domain... Is this a real need?
- do I need to explicitly close files I opened ? (bodyFile and privkey)
or python will do it for me?
- This filter supposes sender is not forged... So it has to be run
after antispam filters... Or it would be possible to sign spams... Is
this way safe enough?

I wrote the filter tonight... I didn't test it yet ! Feel free to
comment it, to fix it, to use it :-)

Hope this helps.
Jerome Blion.

dkim_sign.py
0 new messages