diff options
Diffstat (limited to 'sqmail-4.3.07/man/qmail-dkim.8')
-rw-r--r-- | sqmail-4.3.07/man/qmail-dkim.8 | 217 |
1 files changed, 0 insertions, 217 deletions
diff --git a/sqmail-4.3.07/man/qmail-dkim.8 b/sqmail-4.3.07/man/qmail-dkim.8 deleted file mode 100644 index 53463e9..0000000 --- a/sqmail-4.3.07/man/qmail-dkim.8 +++ /dev/null @@ -1,217 +0,0 @@ -.TH s/qmail: qmail-dkim 8 -.SH "NAME" -qmail-dkim \- libdkim implementation for s/qmail -.SH "SYNOPSIS" -.B qmail-dkim -[ -.I -h -.I -v -.I -V -.I -s[ecckey] -.I -b[1|2|3] -.I -c[s|t|u] -.I -d domain -.I -i identity -.I -l -.I -q -.I -t -.I -x expire_time -.I -y selector -.I -Y selector2 -.I -z[1|2|3|4|5] -] -.I in_message -.I RSA_private_key -.I out_message -.I Ed25519_private_key -.SH "DESCRIPTION" -.B qmail-dkim -is the implementation of -.B libdkim -for s/qmail providing API compatibility -and supporting RSA and Ed25519 DKIM signatures -in single or hybrid mode. -In hybrid mode, two -.I private keys -and two -.I selectors -need to be provided. -.B qmail-dkim -supports distinct operations: -.TP 5 -.B qmail-dkim \fI-s in_message RSA_private_key out_message\fR -DKIM signes -.I in_message -with the given -.I private_key -and returns -.IR out_message . -.TP 5 -.B qmail-dkim \fI-s in_message RSA_private_key out_message Ed255_private_key\fR -signs -.I in_message -with both a RSA -.I RSA_private_key -and a -.IR Ed25519_private_key. -Here, the RSA default selector is \fIdefault\fR and the -Ed25519 default selector is \fIeddy\fR; both subject of change. -.TP 5 -.B qmail-dkim \fI-v in_message\fR -verifies the -.IR in_message . -.SH "DKIM FORMATS" -DKIM needs a common understanding of the attributes -subject for signing and verification. -The following attributes can be set: -.TP 5 --c -is the 'canonicalization', thus how a validiation client -should deal with signature verification of the -message headers and/or body. Here, the choices are given -via an appended character: -.I r -relax on header, -.I s -simple (strict) on message body, -.I t -relax/simple, or eventually -.I u -simple relaxed. -Finally, the hash function to be used in the signature -can be given as -.TP 5 --z -following either with -.I 1 -using sha1, or -.I 2 -using sha256, or finally as default -.I 3 -providing both signature values in the mail header. -.I 4 -telling -.B qmail-dkim -to use the Ed25519 signature scheme. -.I 5 -allows -.B qmail-dkim -to attach both a -.I RSA-SHA256 -as well as a -.I Ed25519 -signature to the message, which considered to be a -.I hybrid -mode. - -.SH "DKIM SIGNING" -.B qmail-dkim -will include (several) message headers detailing the -.B DKIM signature -with at least the following fields: -.TP 3 -a -=<signature type> -.TP 3 -c -=<used canoncicalization> -.TP 3 -s -=<selector> -.TP 3 -d -=<identity> -.TP 3 -i -=<identifier> -.TP 3 -h -=<included header1:header2:...> -.TP 3 -bh -=<hash of the canonicalized body until its upper limit length; if given> -.TP 3 -b -=<base64 encoded signature> -.P -Additional settings can be achieved using the following options: -.TP 5 -.I -d domain -is the signer's domain name and together with the prepended -.TP 5 -.I -y selector -it is used for the DNS TXT lookup of the public key; supporting -mainly key roll-over. The first selector is used for RSA signatures. -.TP 5 -.I -Y selector2 -Same as \fI-y\fR but now for Ed25519 signatures. -.TP 5 -.I -I identifier -giving an additional hint about the agent or identifier -responsible for the signing like 'postmaster@domain'; defaults to -.IR domain . -.TP 5 -.I -t expire_time -given in seconds, tells how log the signature is valid. -It defaults to -.I 604800 -secconds (seven days). -.P -Further, some more option fields can be displayed in the header: -.TP 5 -.I -l -include a body length tag. -.TP 5 -.I -q -include the query method tag. - -.SH "DKIM VERIFICATION" -.B qmail-dkim -as invoked by -.B qmail-dkverify -extracting the received DKIM header fields, -and following the signature verification procedure -as given here, while fetching the signer's -.I public key -using a DNS TXT lookup. -Now, the respective header lines, and/or -the message body will be hashed and compared -against the values taken from the signatures. - -The results will be indicated by either return code -.I 0 -in case of success, -.I 1 -in case of mismatch, or -.I -1 -if other failures were encountered. - -Given the call argument -.TP 3 --v -.B qmail-dkim -will provide the DKIM results -.I pass -or -.I fail -including verbose reasons on the commmand line. -This is the legacy mode. - -.RE -Rather, invoking -.B qmail-dkim -with argument -.TP 3 --V -it communicates the results over a file interface -to be picked up by -.IR qmail-dkverify . - -.SH "SEE ALSO" -qmail-queue(8), -qmail-remote(8), -qmail-dksign(8), -qmail-dkverify(8), -qmail-send(8), -qmail-log(8). - |