My second attempt to switch from to succeeded. The configuration is a breeze, I can stop worrying about breaking best practices accidentally. It also integrates nicely with Docker. The complication was setting up , this time I wrote my own filters for it.

· · Web · 1 · 0 · 1

The documentation suggests using opensmtpd-filter-dkimsign which on most platforms you have to get from an obscure Austrian server and compile yourself. It also lacks in functionality: only signing and no verification capability, and then only for one domain.

Show thread

The alternative is opensmtpd-filter-rspamd which is rather overdimensioned for my needs.

So writing my own filters it was. The filters protocol ( is fairly simple, handling it required around 100 lines of Python code.

Show thread

The DKIM signing and verification filters are trivial then, thanks to the existing dkimpy module. You can see all the code and setup instructions here:

Show thread

I changed the code to make attaching information to a session context more straightforward. So the verification filter can now optionally do verification as well. This should be the last major change I think.

Show thread
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.