[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DKIM for Debian Developers


On Mon, Apr 13, 2020 at 01:39:00PM +0100, Adam D. Barratt wrote:

There's been a lot of discussion in various forums recently about mail
authentication for @debian.org addresses. As an initial step in that
direction, I'm pleased to announce that the db.debian.org mail gateway
now allows DDs to configure DKIM keys [http://www.dkim.org/] for their
account, using the "dkimPubKey" command.

The command format to use to set keys is:

   dkimPubKey: <selectorname> <base64-encoded key>

where the selector name must end with ".your_uid.user"

As an example, to configure a key for the DKIM selector
"debian1.adsb.user", I might send:

   dkimPubKey: debian1.adsb.user MIIBIjANBgkqhkiG9w0BAQ...

to change@db.debian.org. This will result in a TXT record for
debian1.adsb.user._domainkey.debian.org. (i.e. a selector of

thanks to Adam and DSA for this!

Multiple selectors can be added for a user by sending multiple
"dkimPubKey" commands. Similarly to the existing SSH key functionality,
any existing keys will be removed when adding new ones, so all required
keys must be provided in the same mail.

Some related resources which might be useful for configuring DKIM
signing using popular MTAs:

   - https://exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_and_dmarc.html#SECDKIMSIGN
   - https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
   - http://opendkim.org/opendkim-README

As ever, please let us know if you have any comments on or issues with
the new functionality.


for DSA

IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333

Reply to: