#8 Adding headers to DKIM signing.

[Lee Stewart]

We're using your DKIM patch with Qmail 1.06 and it's working great.

In order to set up a feedback loop with Gmail, Google asks that each email have a new header field "Feedback-ID" (https://support.google.com/mail/answer/6254652) and they require the field to be signed.

I can't figure out how to add Feedback-ID to the h= tag of the signature. Can this be done through DKSIGNOPTIONS? Is there an easy way to modify the code?

Thanks!

Lee Stewart

[Manvendra Bhangui]

Are you doing DKIM signing during SMTP or are you adding the signature during remote delivery?

As long as the header is added before qmail-dkim gets called, the header will get signed. There are many ways to do this. Why don't you come on indimail@googlegroups.com so that we can discuss this.

For doing this there is no code modification required. Also let me know which patch are you using?

Regards Manny

[Lee Stewart]

We're using dkim-netqmail-1.06.patch-1.19.gz

The signing is being done during remote delivery and works fine for the default fields. I've added the Google header field to our email headers:
X-Feedback-ID: a🅱️c:SenderId

But DKIM is only signing these:
h=Date:Message-ID:To:Subject:X-Mailer:MIME-Version:From:Content-Type;

I'm wondering how to get X-Feedback-ID signed in addition to the standard fields.

Thanks for the help.

[Manvendra Bhangui]

On 30 March 2016 at 23:57, Lee Stewart surfmerpostman@users.sf.net wrote:

We're using dkim-netqmail-1.06.patch-1.19.gz

OK. Now this patch already has a mechanism to call your own filters. In fact, DKIM signing during remote delivery is achieved like this

qmail-rspawn ----> spawn-filter ----> execute program defined in /var/qmail/control/filterargs and feed the output to qmail-remote

The signing is being done during remote delivery and works fine for the default fields. I've added the Google header field to our email headers:
X-Feedback-ID: a:b:c:SenderId

But DKIM is only signing these:
h=Date:Message-ID:To:Subject:X-Mailer:MIME-Version:From:Content-Type;

This is because you are adding the header X-Feedback-ID after the dkim signing. You have to add the header before dkim signing.

I'm wondering how to get X-Feedback-ID signed in addition to the standard fields.

modify /var/qmail/control/filterargs to have something like this

*:remote:/var/qmail/bin/add_sender_id | /var/qmail/bin/dk-filter

The script add_sender_id can be something like the script below. The script simply echoes the X-Feedback-ID to standard output followed by /bin/cat which simply copies stdin to stdout. The entire output of the below script will be fed to dk-filter, which then will do dkim signing on the email, with the X-Feedback-ID as the first header.

You can lookup the man page for dk-filter and spawn-filter

!/bin/sh

echo "X-Feedback-ID: a🅱️c:SenderId"
/bin/cat

[Manvendra Bhangui]

Closing the ticket as I have not got any update on my reply posted earlier. As stated earlier, it is possible to add your headers without making any changes to qmail-dkim

[Lee Stewart]

Yes, you can close this.

My PHP code was addding the headers before the DKIM signing was being done. I found that I could get Google's field to be included if I dropped the "X" from the beginning and used "Feedback-ID"

I was waiting to get hear from Google, I'm not entirely sure if that will work or if I need to use "X-Feedback-ID". I haven't received a reply from them, but I should have updated this ticket so you knew the status.

Sorry about the slow reply.