Dear Qmail users,

after a long development and testing period, I'm glad to announce the
public availability of s/qmail 4.2 coming with full featured DKIM
support.

s/qmail is now mostly 'feature-complete' at least concerning the current
situation for (E)SMTP and incorporates all main features an up-to-date
MTA shall have.

I've refactored and incorporated ALT-N's libdkim C++ library functions
natively for s/qmail, removed obsolete pieces and included Ed25519 DKIM
signature support. This adds about 4000 lines of code to s/qmail, which
is a considerable enhancement. In particular, the queue is now entitled
to include a subdirectory structure queue/dkim/<n>.

My changes to libdkim are such that those can be picked up for
upstream integration. Though I introduced significant code changes, it
should be easy to get a reasonable working diff of it. However, with
exception for the DNS lookup (now based on fehQlibs).

The bad part of DKIM is its significant system impact: The mail has to
be rewritten several times, which however can not be avoided, since
DKIM calculates the hash over the message requiring CRLF line feeds.

The good point of my implementation is: In case you don't need DKIM, no
DKIM modules are called. Apart from a trivial change to qmail-rspawn,
no changes were done to the core. However, the stub-routines
qmail-dksign and qmail-dkverify are deeply integrated into s/qmail.

DKIM support helps to deliver mails in particular to the big
providers like gmail and Microsoft. Early adopters really need to read
the documentation about my DKIM solution available at:
https://www.fehcom.de/sqmail/sqmaildoc_05.html##qmail-DKIM
and the man pages!

DKIM key generation is a snap with the script mkdkimkey for both RSA
and Ed25519 keys and a subsequent DNS TXT record is available for easy
usage. I should mention that my djbdnscurve6 already supports DKIM
records out-of-the-box.

s/qmail+DKIM works with both OpenSSL and LibreSSL in their advanced
versions. DKIM is no fast food. It requires a lot of attention to set up
keys and signing strategies. I've tried to keep it in the spirit of
qmail. For signing, a new control file is available as 'dkimdomains'.

The stand-alone module 'qmail-dkim' can be used independently of
s/qmail and is simply a replacement for libdkim.

Special thanks to John Levine for his guidance on Ed25519 signatures.

The code is documented via doxygen:
https://www.fehcom.de/sqmail/doxygen/index.html

Regards.
--eh.
--
Dr. Erwin Hoffmann | www.fehcom.de
PGP key-id: 20FD6E671A94DC1E
PGP key-fingerprint: 8C6B 155B 0FDA 64F1 BCCE A6B9 20FD 6E67 1A94 DC1E
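
Added example (not part of the original announcement and not s/qmail or libdkim code): why a message stored with bare LF line endings has to be rewritten before the DKIM body hash is taken. It goes beyond the announcement by implementing the RFC 6376 "simple" and "relaxed" body canonicalizations; the function names and the sample body are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample body with bare LF line endings (as stored on disk),
# trailing whitespace on one line and two trailing empty lines.
LF_BODY = b"Hello  world \nsecond line\n\n\n"
CRLF_BODY = LF_BODY.replace(b"\n", b"\r\n")  # the same body as sent over SMTP

def to_crlf(body: bytes) -> bytes:
    """Rewrite bare LF as CRLF; an existing CRLF is left alone."""
    return re.sub(rb"(?<!\r)\n", b"\r\n", body)

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop trailing empty lines, end with exactly one CRLF."""
    body = to_crlf(body)
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: also collapse WSP runs and strip WSP at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in to_crlf(body).split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon: str = "simple") -> str:
    """Value of the bh= tag for a SHA-256 based signature algorithm."""
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def naive_hash(body: bytes) -> str:
    """Hash of the bytes as stored, without the CRLF rewrite."""
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

if __name__ == "__main__":
    print("simple :", body_hash(LF_BODY))
    print("relaxed:", body_hash(LF_BODY, "relaxed"))
    print("naive  :", naive_hash(LF_BODY), "(a verifier will not compute this)")
```

The LF and CRLF forms of the body give the same bh= value only after the rewrite; hashing the stored bytes directly yields a value no verifier will reproduce.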