Normally, zdkimsign uses the --no-db option of zdkimfilter, so as to avoid having the messages signed this way logged to the database. However, the --db-filter option allows logging. Using it may require to choose a temporary directory carefully: To have zdkimfilter sign the files, zdkimsign writes a minimal ctlfile in the temporary directory. The inode number for database keys is that of the ctlfile. To ensure uniqueness, if used as a key, it is necessary that the ctlfile gets created in the same disk partition where Courier writes received mail files.
zdkimsign creates the ctlfile in the directory specified by the -t option, if any; otherwise, in the one specified by the tmp configuration option, if present; otherwise in /tmp.
I/O behavior is obtained by passing the --no-fork option to zdkimfilter. That way, the message-file arguments get silently ignored.
See the description above for the relationship between key uniqueness and the temporary directory.
Unless --filter is also specified, zdkimverify passes the --no-write option to zdkimfilter, so as to not modify the target mail file. Authentication-Results are output on stdout, log lines to stderr.
Copyright © 2012-2021 Alessandro Vesely