s/qmail:
Section: Misc. Reference Manual Pages (qmail-dkim)
Updated: 8
Index
Return to Main Contents
NAME
qmail-dkim - libdkim implementation for s/qmail
SYNOPSIS
qmail-dkim
[
-h
-v
-V
-s[ecckey]
-b[1|2|3]
-c[s|t|u]
-d domain
-i identity
-l
-q
-t
-x expire_time
-y selector
-Y selector2
-z[1|2|3|4|5]
]
in_message
RSA_private_key
out_message
Ed25519_private_key
DESCRIPTION
qmail-dkim
is the implementation of
libdkim
for s/qmail providing API compatibility
and supporting RSA and Ed25519 DKIM signatures
in single or hybrid mode.
In hybrid mode, two
private keys
and two
selectors
need to be provided.
qmail-dkim
supports distinct operations:
- qmail-dkim -s in_message RSA_private_key out_message
-
DKIM signes
in_message
with the given
private_key
and returns
out_message.
- qmail-dkim -s in_message RSA_private_key out_message Ed255_private_key
-
signs
in_message
with both a RSA
RSA_private_key
and a
Ed25519_private_key.
Here, the RSA default selector is default and the
Ed25519 default selector is eddy; both subject of change.
- qmail-dkim -v in_message
-
verifies the
in_message.
DKIM FORMATS
DKIM needs a common understanding of the attributes
subject for signing and verification.
The following attributes can be set:
- -c
-
is the 'canonicalization', thus how a validiation client
should deal with signature verification of the
message headers and/or body. Here, the choices are given
via an appended character:
r
relax on header,
s
simple (strict) on message body,
t
relax/simple, or eventually
u
simple relaxed.
Finally, the hash function to be used in the signature
can be given as
- -z
-
following either with
1
using sha1, or
2
using sha256, or finally as default
3
providing both signature values in the mail header.
4
telling
qmail-dkim
to use the Ed25519 signature scheme.
5
allows
qmail-dkim
to attach both a
RSA-SHA256
as well as a
Ed25519
signature to the message, which considered to be a
hybrid
mode.
DKIM SIGNING
qmail-dkim
will include (several) message headers detailing the
DKIM signature
with at least the following fields:
- a
-
=<signature type>
- c
-
=<used canoncicalization>
- s
-
=<selector>
- d
-
=<identity>
- i
-
=<identifier>
- h
-
=<included header1:header2:...>
- bh
-
=<hash of the canonicalized body until its upper limit length; if given>
- b
-
=<base64 encoded signature>
Additional settings can be achieved using the following options:
- -d domain
-
is the signer's domain name and together with the prepended
- -y selector
-
it is used for the DNS TXT lookup of the public key; supporting
mainly key roll-over. The first selector is used for RSA signatures.
- -Y selector2
-
Same as -y but now for Ed25519 signatures.
- -I identifier
-
giving an additional hint about the agent or identifier
responsible for the signing like 'postmaster@domain'; defaults to
domain.
- -t expire_time
-
given in seconds, tells how log the signature is valid.
It defaults to
604800
secconds (seven days).
Further, some more option fields can be displayed in the header:
- -l
-
include a body length tag.
- -q
-
include the query method tag.
DKIM VERIFICATION
qmail-dkim
as invoked by
qmail-dkverify
extracting the received DKIM header fields,
and following the signature verification procedure
as given here, while fetching the signer's
public key
using a DNS TXT lookup.
Now, the respective header lines, and/or
the message body will be hashed and compared
against the values taken from the signatures.
The results will be indicated by either return code
0
in case of success,
1
in case of mismatch, or
-1
if other failures were encountered.
Given the call argument
- -v
-
qmail-dkim
will provide the DKIM results
pass
or
fail
including verbose reasons on the commmand line.
This is the legacy mode.
Rather, invoking
qmail-dkim
with argument
- -V
-
it communicates the results over a file interface
to be picked up by
qmail-dkverify.
SEE ALSO
qmail-queue(8),
qmail-remote(8),
qmail-dksign(8),
qmail-dkverify(8),
qmail-send(8),
qmail-log(5).
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- DKIM FORMATS
-
- DKIM SIGNING
-
- DKIM VERIFICATION
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 16:40:05 GMT, September 13, 2025