ZDKIMFILTER
"z" DKIM filter for Courier-MTA using the OpenDKIM Project's library
Download
zdkimfilter source repository
can also be accessed using Subversion or a web browser.
In that case, check READMEsvn before building.
For example, to get the latest sources:
Packages and installation
Gentoo: Daniel Black and Hanno Böck added this to gentoo linux.
Debian, Travis CI: Viktor Szépe created a
GitHub repository
synced with Travis CI;
an experimental Debian package build on AMD (Athlon) by
dpkg-buildpackage -b -uc -us
can be found here.
Since version 1.6, the debian subdirectory is included in the tarball.
That way, tarball users can issue that command instead of ./configure
in order to build a Debian package instead of a local installation.
Basic installation: Toby Heywood described his own twist on
DKIM + Courier-MTA on CentOS7, based on a
previous post by Patrick Contreras.
In addition, older tips that may be still worth considering are available in the OLD page
Install and Set Up sections.
Complete installation requires a database. The examples included in the distribution are based on MySQL and explained in the DB page. This work can be customized at will, which is why they're called examples. An utility to browse the database is still missing; maybe next version will feature something to tweak per-domain options. Other "obvious" settings, such as managing bounces of sent-out reports, are not even mentioned. Finally, in order to complete DMARC installation, you need to parse aggregate reports received from your targets and possibly feed the database. You may want to consider transforming aggregate reports to more readable HTML using dmarc-xls.
Requirements
- courier
- libgnutls or openssl*
- libopendbx,
- libnettle,
- libresolv,
- libidn2,
- libunistring,
- zlib,
- uuid,
- the pkg-config utility,
- libtool (a buggy requirement that will be removed from future versions; for v.1.5, libtool-bin is necessary to configure the package)
- In addition, the Public Suffix List is used for DMARC, if configured.
(*) Versions older than 3.0 require libopendkim
(Some old mumbling about where to get required
software and how to set up Courier may still be valid.)
DMARC
The complete installation automates sending DMARC aggregate reports.
As is well known, forwarding modified messages may require to rewrite From:.
That is one of the means for
mitigating DMARC damage to third party mail.
For sending, there is a Python script to forward mail safely, shielding
from strict DMARC policies. Designed for .courier files, the script does
a Mailman style mitigation —possibly munge From: and save the original value in the Reply-To:.
dmarc_shield3.py is published by Lindsay Haisley.
For receiving, zdkimfilter tries to revert that munging and verify the
original author domain's signature. If it succeeds, it sets the header
so that a Maildrop instruction can restore the original value of From:
after any external forwarding
(see zdkimfilter(8) man page).
License
Keep in mind that DKIM relies on patented technology that may require a separate licence.
As far as software copyright is concerned,
zdkimfilter is free software: you can redistribute it and/or modify
it under the terms of the GNU
General Public Licence
as published by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
zdkimfilter is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public Licence
for more details.
As an additional permission under GNU GPLv3 section 7,
If you modify zdkimfilter, or any covered part of it, by linking or combining
it with OpenSSL, OpenDKIM, Sendmail, or any software developed by The Trusted
Domain Project or Sendmail Inc., containing parts covered by the applicable
licence, the licensor of zdkimfilter grants you additional permission to convey
the resulting work.
Copyright (C) 2012-2020 Alessandro Vesely