NAME¶
dkimproxy.in - SMTP proxy for verifying DKIM signatures
DESCRIPTION¶
dkimproxy.in listens on the IP address and TCP port specified by its first
argument (the "listen" port), and sends the traffic it receives onto
the second argument (the "relay" port), with messages getting
verified and having an "Authentication-Results" header added to
them.
SYNOPSIS¶
dkimproxy.in [options] LISTENADDR:PORT RELAYADDR:PORT
smtp options:
--conf_file=FILENAME
--listen=LISTENADDR:PORT
--relay=RELAYADDR:PORT
--reject-error
verification options:
--reject-fail
--hostname=HOSTNAME
daemon options:
--daemonize
--user=USER
--group=GROUP
--pidfile=PIDFILE
--min_servers=NUM
OPTIONS¶
--daemonize
If specified, the server will run in the background.
--group=GROUP
If specified, the daemonized process will setgid() to the specified GROUP.
--hostname=HOSTNAME
Overrides the hostname used in the Authentication-Results header. This header
gets added to every verified message. Use this option if the hostname that
appears is not fully qualified or you want to use an alternate name.
--pidfile=PIDFILE
Creates a PID file (a file containing the PID of the process) for the daemonized
process. This makes it possible to check the status of the process, and to
cleanly shut it down.
--reject-error
This option specifies what to do if an error occurs during verification of a
message. If this option is specified, the message will be rejected with an
SMTP error code. This will result in the MTA sending the message to try again
later, or bounce it back to the sender (depending on the exact error code
used). If this option is not specified, the message will be passed through
with an error listed in the Authentication-Results header instead of the
verification results.
--reject-fail
This option specifies what to do if verification fails and the sender signing
policy says to reject the message. If this option is specified, the message
will be rejected with an SMTP error code. This will result in the sending MTA
to bounce the message back to the sender. If this option is not specified, the
message will pass through as normal.
--user=USER
If specified, the daemonized process will setuid() to USER after completing any
necessary privileged operations, but before accepting connections.
--min_servers=NUM
Number of process that DKIMproxy shall spawn and get ready for filtering.
EXAMPLE¶
For example, if dkimproxy.in is started with:
dkimproxy.in --reject-fail --reject-error 127.0.0.1:10025 127.0.0.1:10026
the proxy will listen on port 10025 and send the verified messages to some other
SMTP service on port 10026.
CONFIGURATION FILE¶
Parameters can be stored in a separate file instead of specifying them all on
the command line. Use the conf_file option to specify the path to the
configuration file, e.g.
dkimproxy.in --conf_file=/etc/dkimproxy_in.conf
The format of the configuration file is one option per line: name of the option,
space, then the value of the option. E.g.
# this is an example config file
listen 127.0.0.1:10025
relay 127.0.0.1:10026
hostname myhost.example.com
reject_fail
is equivalent to
dkimproxy.out --hostname=myhost.example.com --reject-fail 127.0.0.1:10025
127.0.0.1:10026
SEE ALSO¶
dkimproxy.out(8),
dkim_responder(1),
dkimsign(1),
dkimverify(1)