Hi,
There's been a lot of discussion in various forums recently about mail
authentication for @debian.org addresses. As an initial step in that
direction, I'm pleased to announce that the db.debian.org mail gateway
now allows DDs to configure DKIM keys [http://www.dkim.org/] for their
account, using the "dkimPubKey" command.
The command format to use to set keys is:
dkimPubKey: <selectorname> <base64-encoded key>
where the selector name must end with ".your_uid.user"
As an example, to configure a key for the DKIM selector
"debian1.adsb.user", I might send:
dkimPubKey: debian1.adsb.user MIIBIjANBgkqhkiG9w0BAQ...
to change@db.debian.org. This will result in a TXT record for
debian1.adsb.user._domainkey.debian.org. (i.e. a selector of
"debian1.adsb.user")
Multiple selectors can be added for a user by sending multiple
"dkimPubKey" commands. Similarly to the existing SSH key functionality,
any existing keys will be removed when adding new ones, so all required
keys must be provided in the same mail.
Some related resources which might be useful for configuring DKIM
signing using popular MTAs:
- https://exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_and_dmarc.html#SECDKIMSIGN
- https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
- http://opendkim.org/opendkim-README
As ever, please let us know if you have any comments on or issues with
the new functionality.
Regards,
Adam
for DSA
Attachment:
signature.asc
Description: This is a digitally signed message part