DKIM integration

chasquid supports generating DKIM signatures via the hooks mechanism.

Signing

The example hook includes integration with driusan/dkim and dkimpy, and assumes the following:

• The selector for a domain can be found in the file domains/$DOMAIN/dkim_selector.
• The private key to use for signing can be found in the file certs/$DOMAIN/dkim_privkey.pem.

Only authenticated email will be signed.

Setup with driusan/dkim

1. Install the driusan/dkim tools with something like the following (adjust to your local environment):

   for i in dkimsign dkimverify dkimkeygen; do go get github.com/driusan/dkim/cmd/$i go install github.com/driusan/dkim/cmd/$i done sudo cp ~/go/bin/{dkimsign,dkimverify,dkimkeygen} /usr/local/bin

2. Generate the domain key for your domain using dkimkeygen.

3. Publish the DNS record from dns.txt (guide).
4. Write the selector you chose to domains/$DOMAIN/dkim_selector.
5. Copy private.pem to /etc/chasquid/certs/$DOMAIN/dkim_privkey.pem.
6. Verify the setup using one of the publicly available tools, like mail-tester.

Setup with dkimpy

1. Install dkimpy with apt install python3-dkim or the equivalent for your environment.
2. Generate the domain key for your domain using dknewkey dkim.
3. Publish the DNS record from dkim.dns (guide).
4. Write the selector you chose to domains/$DOMAIN/dkim_selector.
5. Copy dkim.key to /etc/chasquid/certs/$DOMAIN/dkim_privkey.pem.
6. Verify the setup using one of the publicly available tools, like mail-tester.

Verification

Verifying signatures is technically supported as well, and can be done in the same hook. However, it's not recommended for SMTP servers to reject mail on verification failures (source 1, source 2), so it is not included in the example.