Man Linux: Main Page and Category List


       dkimproxy.out - SMTP proxy for adding DKIM signatures to email


       dkimproxy.out  listens  on the IP address and TCP port specified by its
       first argument (the "listen" port), and sends the traffic  it  receives
       onto  the  second  argument  (the  "relay" port), with messages getting
       modified to have a DKIM or DomainKeys signature.


         dkimproxy.out   [options]   --keyfile=FILENAME    --selector=SELECTOR
           smtp options:

           signing options:

           daemon options:

         dkimproxy.out --help
           to see a full description of the various options



       If specified, the server will run in the background.


       Use  this  argument to specify what domain(s) you can sign for. You may
       specify multiple domains by separating them with commas.  If  a  single
       domain  is specified, DKIMproxy will always use that domain to sign, if
       it can. If multiple domains are specified, DKIMproxy will try to  match
       the  domain to the message's sender, and only generate a signature that
       will match the sender's domain.


       If specified, the daemonized process will  setgid()  to  the  specified


       This  is a required argument. Use it to specify the filename containing
       the private key used in signing  outgoing  messages.  For  messages  to
       verify,  you  will need to publish the corresponding public key in DNS,
       using the selector name specified by C<--selector>, under the domain(s)
       specified in C<--domain>.


       This option specifies the canonicalization algorithm to use for signing
       messages. For DKIM signatures, the options are C<simple>, C<nowsp>,  or
       C<relaxed>;  the  default is C<relaxed>. For DomainKeys signatures, the
       options are C<simple> and C<nofws>; the default is C<nofws>.


       Creates a PID file (a file containing the PID of the process)  for  the
       daemonized  process.  This makes it possible to check the status of the
       process, and to cleanly shut it down.


       This option specifies what to do if an error occurs during signing of a
       message. If this option is specified, the message will be rejected with
       an SMTP error code. This will result in the MTA sending the message  to
       try  again  later,  or  bounce  it back to the sender (depending on the
       exact error code used). If this option is not  specified,  the  message
       will be allowed to pass through without having a signature added.


       This  is  a  required  argument.  Use it to specify the name of the key


       If specified, the named file provides signature parameters depending on
       what  sender  is  found  in  the  message. See the section below titled
       L</"SENDER MAP FILE">.


       This specifies what type of signature to add. Use C<dkim> to sign  with
       IETF  standardized  DKIM signatures. Use C<domainkeys> to sign with the
       older, but more common, Yahoo! DomainKeys signatures.  The  default  is

       This  parameter  can  be  specified more than once to add more than one
       signature to the message. In addition, per signature parameters can  be
       specified by enclosing the comma separated options in parenthesis after
       the signature type, e.g.


       The syntax for specifying per signature options is  described  in  more
       detail in the section below titled L</"SENDER MAP FILE">.


       If  specified,  the  daemonized  process  will  setuid()  to USER after
       completing any necessary privileged operations,  but  before  accepting


       Number of process that DKIMproxy shall spawn and get ready for signing.


       For example, if dkimproxy.out is started with:

         dkimproxy.out        --keyfile=private.key         --selector=postfix

       the  proxy  will  listen  on port 10027 and send the signed messages to
       some other SMTP service on port 10028.


       Parameters can be stored in a separate file instead of specifying  them
       all  on  the  command  line. Use the C<conf_file> option to specify the
       path to the configuration file, e.g.

         dkimproxy.out --conf_file=/etc/dkimproxy_out.conf

       The format of the configuration file is one option per  line:  name  of
       the option, space, then the value of the option. E.g.

         # this is an example config file
         keyfile private.key
         selector postfix
         signature dkim

       is equivalent to

         dkimproxy.out, --keyfile=private.key
       --selector=postfix --signature=dkim


       If you want to use different  signature  properties  depending  on  the
       sender  of the message being signed, use a "sender map file". This is a
       lookup file containing sender email addresses on the left and signature
       properties on the right. E.g.

         # sign my mail with a EXAMPLE.COM dkim signature  dkim(

         # sign WIDGET.EXAMPLE mail with a default domainkeys signature
         widget.example   domainkeys

         # sign EXAMPLE.ORG mail with both a domainkeys and dkim signature      dkim(c=relaxed,a=rsa-sha256), domainkeys(c=nofws)

       Right  hand  values  in  a sender map file is a comma separated list of
       signature types. Each signature type may have a comma separated list of
       parameters  enclosed in parenthesis. The following signature parameters
       are recognized:


       the private key file to use


       the algorithm to use


       the canonicalization method to use


       the domain to use, default is to use the domain matched


       the selector to use

SEE ALSO, dkim_responder(8), dkimsign(8),  dkimverify(8)