On 2019/09/16 20:42, Mikolaj Kucharski wrote:
> Hi,
>
> On Thu, Sep 12, 2019 at 09:08:31AM +0200, Martijn van Duren wrote:
> > Ping
> >
> > Doesn't anyone want to replace dkimproxy with something that integrates
> > a little better?
that's not a good incentive, i never used dkimproxy :) (amavisd used to do
that for me, but I switched to rspamd's signing a couple of years ago and
haven't had any interest in looking for alternatives yet).
> I used this port and it worked for me. Initially I could not get
> DKIM pass with GMail, but with -c relaxed/relaxed Google is now
> happy.
it's probably worth figuring out what's going on without that setting, but
generally relaxed/relaxed is recommended anyway
https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/
https://wordtothewise.com/2018/07/minimal-dmarc/
> I also ran filter-dkimsign as _smtpd user and not as the one from below
> patch named _dkimsign. I didn't see that last attached version of the
> port referenced that user. My only feedback would be small smtpd.conf
> snippet inside the package to show how to integrate this filter with
> smtpd.
>
> > On 9/5/19 3:22 PM, Martijn van Duren wrote:
> > > On 8/24/19 6:37 AM, Martijn van Duren wrote:
> > >> $ cat pkg/DESCR
> > >> filter-dkim is an opensmtpd filter that signs email with a dkim signature.
> > >> $
> > >>
> > >> Since I'm not too familiar with ports I would like to pay special
> > >> attention to the Makefile of both the port as well as the source.
like libopensmtpd, it needs MAKE_FLAGS= CC="${CC}".
WANTLIB needs updating:
opensmtpd-filter-dkimsign-0.1(mail/opensmtpd-filters/dkimsign):
Missing: crypto.45 (/usr/local/libexec/smtpd/filter-dkimsign) (system lib)
Extra: pthread.26
WANTLIB += crypto
*** Error 1 in target 'port-lib-depends-check' (ignored)
> > >> Also, I currently host the release tarballs at my personal server, which
> > >> I also use for generic other stuff and might not always be available.
> > >> If someone from the ports team has a more stable location to host the
> > >> release tarballs let me know.
I think that's all that anyone else doing ports distfile hosting has ..
> > >> Furthermore smtpd.conf allows for filters to be run as another user
> > >> (currently undocumented). I know we're tight for uids, but can we
> > >> reserve one for this port, so we can protect the dkim signing key from
> > >> the smtpd users? Or could it be possible to share a uid with another
> > >> port with similar purpose? E.g. dkimproxy?
> > >>
> > >> martijn@
> > >>
> > >>
> > > I renamed the package to opensmtpd-filter-dkimsign. This to allow for a
> > > future dkimverify. Moved port to mail/opensmtpd-filters/dkimsign.
> > >
> > > Apart from reserving a user, same questions as above remain.
>
> Not sure, which one is the "same questions as above", but if it is about
> the below user I think this is good idea.
>
>
> > > Index: user.list
> > > ===================================================================
> > > RCS file: /cvs/ports/infrastructure/db/user.list,v
> > > retrieving revision 1.351
> > > diff -u -p -r1.351 user.list
> > > --- user.list 25 Aug 2019 12:06:28 -0000 1.351
> > > +++ user.list 5 Sep 2019 13:21:08 -0000
> > > @@ -350,3 +350,4 @@ id user group port options
> > > 839 _exabgp _exabgp net/exabgp
> > > 840 _dma _dma mail/dma
> > > 841 _rt _rt www/rt
> > > +842 _dkimsign _dkimsign mail/opensmtpd-filters/dkimsign
> > >
> >
>
> --
> Regards,
> Mikolaj
>
No comments:
Post a Comment