Hi! I figured I'd just report back on this:
On Tuesday 7. February 2017 15.13.53 frank wrote: > >> The DKIM instructions I used: > >> https://beingasysadmin.wordpress.com/2013/04/30/dkim-signing-in-qmail > >> / > >> > I'm a beginner at DKIM but as far as I can tell DKIM is a superset > replacement for Domain Keys so people didn't have to redo a bunch of > steps to implement it. > > The dktest program appears to be used to validate your keys before the > script tries to use them for signing. If the test fails it feeds the > old unsigned message directly to qmail-remote. You could probably > remove that test section from the shell script, I chose to leave it. Yeah, I did that, and it works well. I used opendkim to create the certificates, a bit of renaming, and it worked out allright. > All the hard work is done with Mail::DKIM as you guessed. I also had a look at the internals of the shell script, because it was a bit of a PITA. What really should be done here is to eliminate the dkimsign.pl script entirely, and instead implement the qmail-remote wrapper in Perl and call Mail::DKIM::Signer directly from the wrapper. I started doing that, but the bashism in the shell script got me confused, so I went away with my tail between my legs ;-) The dkimsign.pl script in the blog you referenced is a slightly hacked up version of the same script from the Mail::DKIM distro, but the whole thing could be made a lot simpler if the qmail-remote wrapper was written in Perl. Cheers, Kjetil