On Thu, 2021-06-10 at 15:23 +0100, Simon Harrison wrote: > On Thu, 10 Jun 2021 13:13:30 +0200 > Martijn van Duren <opensm...@list.imperialat.at> wrote: > > > EHLO, > > > > I just pushed a new release of libopensmtpd and filter-dkimsign to the > > OpenBSD ports tree. These contains the following changes: > > > > libopensmtpd (0.7): > > - Registering OSMTPD_PHASE_LINK_CONNECT should be OSMTPD_TYPE_REPORT > > - Fix manpage: 0 is for outgoing connections, not 2. > > From Edgar Pettijohn <edgar <at> pettijohn-web <dot> com> > > - Fix a spelling mistake. > > From Ryan Kavanagh <rak <at> debian <dot> org> > > - Major overhaul of the Makefile.gnu so that things properly build on > > Debian (not relevant for OpenBSD) > > With Ryan Kavanagh <rak <at> debian <dot> org> > > > > filter-dkimsign (0.5): > > - Add support for ed25519. This currently requires openssl1.1 > > libcrypto and is thus only enabled in an ed25519 flavor of the > > package. Lots of help from tb@ and sthen@ > > - Fix error handling in a couple of places > > - Fix an initialization issue > > Spotted by Maarten de Vries <maarten <at> de-vri <dot> es> > > - Fix a couple of signedness warnings > > - Allow filter-dkimsign to be build on Debian (not relevant for > > OpenBSD) With Ryan Kavanagh <rak <at> debian <dot> org> > > > > The two major things: > > - filter-dkimsign now supports ed25519. Since LibreSSL doesn't have > > ed25519 signing yet it requires building against OpenSSL (I've only > > tested version 1.1). People on OpenBSD wanting to sign with ed25519 > > should intall the ed25519 flavor, which links against openssl's > > libcrypto. Note that in my testing many major mail platforms don't > > support ed25519 verifying, so continuing to sign with RSA in > > addition to ed25519 is still recommended. > > - libopensmtpd and filter-dkimsign should now be able to build on > > Debian without problems and should appear in the testing release of > > Debian soon(tm). This also means that other Linux distros should > > probably be able to compile and package them. If you run into issue > > please contact me so that things can be ironed out. > > > > For people who want to test filter-dkimsign on other platforms, the > > source can be downloaded at: > > https://distfiles.sigtrap.nl/libopensmtpd-0.7.tar.gz > > https://distfiles.sigtrap.nl/filter-dkimsign-0.5.tar.gz > > > > martijn@ > > > > > > Hello again. I've got libopensmtpd and filter-dkimsign compiled and > installed successfully (I think) but something is wrong as no mail is > sent with the below config. According to > > https://dmarcly.com/tools/dkim-record-checker > > everything is fine DNS wise. > > I used the sample from > > https://openports.pl/path/mail/opensmtpd-filters/dkimsign > > Here is my /etc/smtpd.conf: > > # $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $ > > # This is the smtpd server system-wide configuration file. > # See smtpd.conf(5) for more information. > > table aliases file:/etc/aliases > > # To accept external mail, replace with: listen on all > # > listen on localhost > > action "local" maildir alias <aliases> > action "relay" relay > > # Uncomment the following to accept external mail for domain > "example.org" # > # match from any for domain "example.org" action "local" > match for local action "local" > match from local for any action "relay" > > # Below is for filter-dkimsign > filter "dkimsign" proc-exec "filter-dkimsign -d -s -k
Missing domain and selector argument ^^^^^^ > /mail/dkim/b0x.key" user _dkimsign group _dkimsign listen on localhost > filter "dkimsign" > > I'm wondered if the user and group might be the issue so commented them > out, but that didn't help. The private key must be readable by the user under which the filter is being executed. So if your permissions on /mail/dkim/b0x.key is not in accordance with the user/group from your filter line it won't work. > > Do I need to create a _dkimsign user and group? Any help appreciated. I > feel so close now. I've tried rspamd and dkimproxy but they both use > about 200MB on my server which seems somewhat heavy. In most cases of misconfiguring the filter smtpd will crash immediately after startup. What does your mail.log say (search for the name of the filter as specified in your smtpd.conf).
