Provided by: dkimproxy_1.4.1-3_all bug

NAME

       dkimproxy.out - SMTP proxy for adding DKIM signatures to email

DESCRIPTION

       dkimproxy.out  listens on the IP address and TCP port specified by its first argument (the
       "listen" port), and sends the traffic it receives onto the second  argument  (the  "relay"
       port), with messages getting modified to have a DKIM or DomainKeys signature.

SYNOPSIS

         dkimproxy.out          [options]          --keyfile=FILENAME         --selector=SELECTOR
       --domain=DOMAIN LISTENADDR:PORT RELAYADDR:PORT
           smtp options:
             --conf_file=FILENAME
             --listen=LISTENADDR:PORT
             --relay=RELAYADDR:PORT
             --reject-error

           signing options:
             --signature=dkim|domainkeys
             --keyfile=FILENAME
             --selector=SELECTOR
             --method=simple|nowsp|relaxed|nofws
             --domain=DOMAIN

           daemon options:
             --daemonize
             --user=USER
             --group=GROUP
             --pidfile=PIDFILE
             --min_servers=NUM

         dkimproxy.out --help
           to see a full description of the various options

OPTIONS

       --daemonize

       If specified, the server will run in the background.

       --domain=DOMAIN

       Use this argument to specify what domain(s) you can sign for.  You  may  specify  multiple
       domains  by  separating  them with commas. If a single domain is specified, DKIMproxy will
       always use that domain to sign, if it can. If multiple domains  are  specified,  DKIMproxy
       will  try  to match the domain to the message's sender, and only generate a signature that
       will match the sender's domain.

       --group=GROUP

       If specified, the daemonized process will setgid() to the specified GROUP.

       --keyfile=FILENAME

       This is a required argument. Use it to specify the filename  containing  the  private  key
       used  in  signing  outgoing messages. For messages to verify, you will need to publish the
       corresponding public key in DNS, using the selector name specified by C<--selector>, under
       the domain(s) specified in C<--domain>.

       --method=simple|nowsp|relaxed|nofws

       This option specifies the canonicalization algorithm to use for signing messages. For DKIM
       signatures, the options are C<simple>, C<nowsp>, or C<relaxed>; the default is C<relaxed>.
       For  DomainKeys  signatures,  the  options  are  C<simple>  and  C<nofws>;  the default is
       C<nofws>.

       --pidfile=PIDFILE

       Creates a PID file (a file containing the PID of the process) for the daemonized  process.
       This makes it possible to check the status of the process, and to cleanly shut it down.

       --reject-error

       This  option  specifies what to do if an error occurs during signing of a message. If this
       option is specified, the message will be rejected with  an  SMTP  error  code.  This  will
       result  in the MTA sending the message to try again later, or bounce it back to the sender
       (depending on the exact error code used). If this option is  not  specified,  the  message
       will be allowed to pass through without having a signature added.

       --selector=SELECTOR

       This is a required argument. Use it to specify the name of the key selector.

       --sender_map=FILENAME

       If  specified,  the  named  file provides signature parameters depending on what sender is
       found in the message. See the section below titled L</"SENDER MAP FILE">.

       --signature=dkim|domainkeys

       This specifies what type of signature to add. Use C<dkim> to sign with  IETF  standardized
       DKIM  signatures.  Use  C<domainkeys>  to  sign  with  the  older, but more common, Yahoo!
       DomainKeys signatures.  The default is C<dkim>.

       This parameter can be specified more than once to add  more  than  one  signature  to  the
       message.  In  addition,  per  signature parameters can be specified by enclosing the comma
       separated options in parenthesis after the signature type, e.g.

         --signature=dkim(c=relaxed,key=private.key)

       The syntax for specifying per signature options is described in more detail in the section
       below titled L</"SENDER MAP FILE">.

       --user=USER

       If  specified, the daemonized process will setuid() to USER after completing any necessary
       privileged operations, but before accepting connections.

       --min_servers=NUM

       Number of process that DKIMproxy shall spawn and get ready for signing.

EXAMPLE

       For example, if dkimproxy.out is started with:

         dkimproxy.out  --keyfile=private.key  --selector=postfix            --domain=example.org
       127.0.0.1:10027 127.0.0.1:10028

       the  proxy  will  listen  on  port  10027  and send the signed messages to some other SMTP
       service on port 10028.

CONFIGURATION FILE

       Parameters can be stored in a separate file instead of specifying them all on the  command
       line. Use the C<conf_file> option to specify the path to the configuration file, e.g.

         dkimproxy.out --conf_file=/etc/dkimproxy_out.conf

       The  format  of  the configuration file is one option per line: name of the option, space,
       then the value of the option. E.g.

         # this is an example config file
         domain example.org,example.com
         keyfile private.key
         selector postfix
         signature dkim

       is equivalent to

         dkimproxy.out           --domain=example.org,example.com           --keyfile=private.key
       --selector=postfix --signature=dkim

SENDER MAP FILE

       If  you  want to use different signature properties depending on the sender of the message
       being signed, use a "sender map file". This is  a  lookup  file  containing  sender  email
       addresses on the left and signature properties on the right. E.g.

         # sign my mail with a EXAMPLE.COM dkim signature
         jason@long.name  dkim(d=example.com)

         # sign WIDGET.EXAMPLE mail with a default domainkeys signature
         widget.example   domainkeys

         # sign EXAMPLE.ORG mail with both a domainkeys and dkim signature
         example.org      dkim(c=relaxed,a=rsa-sha256), domainkeys(c=nofws)

       Right  hand values in a sender map file is a comma separated list of signature types. Each
       signature type may have a comma separated list of parameters enclosed in parenthesis.  The
       following signature parameters are recognized:

       key

       the private key file to use

       a

       the algorithm to use

       c

       the canonicalization method to use

       d

       the domain to use, default is to use the domain matched

       s

       the selector to use

SEE ALSO

       dkimproxy.in(8), dkim_responder(8), dkimsign(8),  dkimverify(8)

                                                                                 dkimproxy.out(8)