My second attempt to switch from to succeeded. The configuration is a breeze, I can stop worrying about breaking best practices accidentally. It also integrates nicely with Docker. The complication was setting up , this time I wrote my own filters for it.

The documentation suggests using opensmtpd-filter-dkimsign which on most platforms you have to get from an obscure Austrian server and compile yourself. It also lacks in functionality: only signing and no verification capability, and then only for one domain.

Show thread
Follow

The alternative is opensmtpd-filter-rspamd which is rather overdimensioned for my needs.

So writing my own filters it was. The filters protocol (man7.org/linux/man-pages/man7/) is fairly simple, handling it required around 100 lines of Python code.

· · Web · 1 · 0 · 0

The DKIM signing and verification filters are trivial then, thanks to the existing dkimpy module. You can see all the code and setup instructions here: gist.github.com/palant/c6ad869

Show thread

I changed the code to make attaching information to a session context more straightforward. So the verification filter can now optionally do verification as well. This should be the last major change I think.

gist.github.com/palant/c6ad869

Show thread
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.