.TH dkimproxy.in 8

.SH NAME
dkimproxy.in \- SMTP proxy for verifying DKIM signatures

.SH DESCRIPTION

dkimproxy.in listens on the IP address and TCP port specified by its
first argument (the "listen" port), and sends the traffic it receives
onto the second argument (the "relay" port), with messages getting
verified and having an "Authentication\-Results" header added to them.

.SH SYNOPSIS

  dkimproxy.in [options] LISTENADDR:PORT RELAYADDR:PORT
    smtp options:
      \-\-conf_file=FILENAME
      \-\-listen=LISTENADDR:PORT
      \-\-relay=RELAYADDR:PORT
      \-\-reject\-error

    verification options:
      \-\-reject\-fail
      \-\-hostname=HOSTNAME

    daemon options:
      \-\-daemonize
      \-\-user=USER
      \-\-group=GROUP
      \-\-pidfile=PIDFILE
      \-\-min_servers=NUM

.SH OPTIONS

.B \-\-daemonize

If specified, the server will run in the background.

.B \-\-group=GROUP

If specified, the daemonized process will setgid() to the specified GROUP.

.B \-\-hostname=HOSTNAME

Overrides the hostname used in the Authentication\-Results header.
This header gets added to every verified message.
Use this option if the hostname that appears is not fully qualified
or you want to use an alternate name.

.B \-\-pidfile=PIDFILE

Creates a PID file (a file containing the PID of the process) for
the daemonized process. This makes it possible to check the status
of the process, and to cleanly shut it down.

.B \-\-reject\-error

This option specifies what to do if an error occurs during verification
of a message. If this option is specified, the message will be rejected
with an SMTP error code. This will result in the MTA sending the message
to try again later, or bounce it back to the sender (depending on the
exact error code used). If this option is not specified, the message
will be passed through with an error listed in the Authentication\-Results
header instead of the verification results.

.B \-\-reject-fail

This option specifies what to do if verification fails and the sender
signing policy says to reject the message. If this option is specified,
the message will be rejected with an SMTP error code.
This will result in the sending MTA to
bounce the message back to the sender. If this option is not specified,
the message will pass through as normal.

.B \-\-user=USER

If specified, the daemonized process will setuid() to USER after
completing any necessary privileged operations, but before accepting
connections.

.B \-\-min_servers=NUM

Number of process that DKIMproxy shall spawn and get ready for filtering.

.SH EXAMPLE

For example, if dkimproxy.in is started with:

  dkimproxy.in \-\-reject\-fail \-\-reject\-error 127.0.0.1:10025 127.0.0.1:10026

the proxy will listen on port 10025 and send the verified messages to
some other SMTP service on port 10026.

.SH CONFIGURATION FILE

Parameters can be stored in a separate file instead of specifying
them all on the command line. Use the conf_file option to specify
the path to the configuration file, e.g.

  dkimproxy.in \-\-conf_file=/etc/dkimproxy_in.conf

The format of the configuration file is one option per line:
name of the option, space, then the value of the option. E.g.

  # this is an example config file
  listen      127.0.0.1:10025
  relay       127.0.0.1:10026
  hostname    myhost.example.com
  reject_fail

is equivalent to

  dkimproxy.out \-\-hostname=myhost.example.com \-\-reject\-fail \
                  127.0.0.1:10025 127.0.0.1:10026

.SH "SEE ALSO"
dkimproxy.out(8), dkim_responder(1), dkimsign(1),  dkimverify(1)