Provided by: opensmtpd-filter-dkimsign_0.5-2.1_amd64 bug

NAME
       filter-dkimsign - add dkim signature to messages


SYNOPSIS

       filter-dkimsign [-tz] [-a algorithm] [-c canonicalization] [-h headers] [-x seconds] -d domain -k file
                       -s selector


DESCRIPTION
       filter-dkimsign adds a dkim signature to the message.  The following flags are supported:

       -a algorithm
               The  algorithm to use.  Supported signing algorithms are rsa and ed25519 (when enabled at compile
               time).  Only sha256 should be used for hashing,  since  other  algorithms  are  most  likely  not
               supported by verifiers.  Defaults to rsa-sha256.

       -c canonicalization
               The canonicalization algorithm used to sign the message.  Defaults to simple/simple.

       -d domain
               The  domain  where  the  public key can be found.  This option can be specified multiple times to
               select the best domain during signing.  If specified  multiple  times  it  looks  at  the  domain
               component  of  the first mailbox in the from-header and tries to find a match.  If no exact match
               can be found it looks for the closest parent domain.  If no  matches  can  be  the  first  domain
               specified will be used.

       -h headers
               The  email  headers  which  are  included in the mail signature.  Per RFC this option requires at
               least the from header to be included.  The headers are specified by separating them with a colon.
               The default  is  from:reply-to:subject:date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-
               reply-to:references:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-
               archive.

       -k file file should point to a file containing the RSA private key to sign the messages.

       -s selector
               The selector within the _domainkey subdomain of domain where the public key can be found.

       -t      Add the time of signing to the dkim header.

       -x seconds
               Add the amount of seconds the signature is valid to the dkim header.

       -z      Add  the mail headers used in the dkim signature to the dkim header.  If a second -z is specified
               all headers will be included in the dkim header.  Useful for debugging purposes.


SEE ALSO
       smtpd(8)


STANDARDS
       D. Crocker, Ed., T. Hansen, Ed., and M. Kucherawy, Ed., DomainKeys Identified Mail (DKIM) Signatures, RFC
       6376, Brandenburg InternetWorking, AT&T Laboratories, and Cloudmark, September 2011.

       J. Levine, A New Cryptographic Signature Method for DomainKeys Identified  Mail,  RFC  8463,  Taughannock
       Networks, September 2018.


AUTHORS
       Martijn van Duren <martijn@openbsd.org>

Ubuntu                                           January 9, 2025                              FILTER-DKIMSIGN(8)