From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anthony Sorace
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Tue, 30 Jan 2018 17:19:53 -0500
References:
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
In-Reply-To:
Message-Id: <940274A1-5BB7-4B0D-9356-5D9CC7933389@9srv.net>
Subject: Re: [9fans] DKIM with upas
Topicbox-Message-UUID: cb5fd8ba-ead9-11e9-9d60-3106f5b1d025

Where you've put it seems like the right place to me.

Acme Mail is doing the wrong thing here. It should respect $upasname for this purpose, like marshal does. I think this is just a change to mesgsend in /acme/mail/src/reply.c; unlike marshal, don't overwrite user, but just wrap "fprint(ofd, "From: %s\n", user);" with a check for $upasname being set.

I'm interested in using your DKIM thing, too, so thanks. :-)

> On Jan 29, 2018, at 10:58 , Dave MacFarlane wrote:
>
> I started hosting my personal domain's email on 9front and wanted to
> sign my outgoing emails with a DKIM, so I wrote something in Go that
> reads a message from stdin and writes a DKIM signed version to stdout
> (https://github.com/driusan/dkim).
>
> I was planning on using it in /mail/lib/remotemail by having the final
> "exec smtp [...]" replaced by " exec dkimsign [...] | upas/smtp [...]"
> and that works with marshal (if I ensure that I add all the headers
> that I'm signing manually), but not acme.
>
> From what I can tell, acme always uses a From line of "From:
> localname" (overriding any that you manually specified), and expects
> upas/smtp to add in the domain, which is causing the signature to fail
> after smtp modifies the signed header. (marshal leaves any headers
> that you manually specify unmolested, so the signature is valid as
> long as you include a fully qualified From: line while writing the
> message.)
>
> Is there a better place/way to do the signing? Ideally I could sign it
> as the last thing it does before going out over the wire, but at the
> very least I need to sign it after expanding the addresses. (The
> standard says I also need to do the hashing before smtp dot stuffing,
> but I can take care of that with a flag on the Go side..) The best I
> can think of is some convoluted mix of "upas/smtp -f .domainname |
> dkimsign | [some script that undoes most of what upas/smtp -f did ] |
> upas/smtp", but I have a feeling I'm just missing some better place to
> do the signing from.
>
> - Dave
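
Why a From: line rewritten after signing breaks verification, as an added example that is not part of the thread and is not code from driusan/dkim. It assumes the "relaxed" header canonicalization of RFC 6376 section 3.4.2 and hashes only the signed fields; the header values and the example.org domain are constructed, and the RSA signing step is omitted.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

var wsp = regexp.MustCompile(`[ \t]+`)

// relaxHeader applies RFC 6376 section 3.4.2 "relaxed" canonicalization to
// one header field: lowercase the name, unfold continuation lines, collapse
// whitespace runs, and drop whitespace around the colon and at the end.
func relaxHeader(field string) string {
	name, value, _ := strings.Cut(field, ":")
	value = strings.NewReplacer("\r\n", "", "\n", "").Replace(value) // unfold
	value = strings.TrimSpace(wsp.ReplaceAllString(value, " "))
	return strings.ToLower(strings.TrimSpace(name)) + ":" + value + "\r\n"
}

// headerDigest hashes the canonicalized signed fields in order. A real
// signer also feeds in the DKIM-Signature field and RSA-signs the result;
// both are left out here (simplifying assumption).
func headerDigest(fields []string) string {
	h := sha256.New()
	for _, f := range fields {
		h.Write([]byte(relaxHeader(f)))
	}
	return hex.EncodeToString(h.Sum(nil))
}

func main() {
	// Constructed sample headers; example.org is a placeholder domain.
	signed := []string{"From: dave", "Subject: test"}                // local name only, as signed
	refolded := []string{"FROM:   dave", "Subject:\r\n test"}        // whitespace and case changes only
	rewritten := []string{"From: dave@example.org", "Subject: test"} // domain added after signing
	fmt.Println("signed   ", headerDigest(signed))
	fmt.Println("refolded ", headerDigest(refolded), "(same digest, still verifies)")
	fmt.Println("rewritten", headerDigest(rewritten), "(different digest, verification fails)")
}
```

Canonicalization absorbs refolding and case changes in transit, but any change to a signed field's value has to happen before the signer runs.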