1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/mail_dkim.c mail_dkim.hdocs/v322_new.md src/sbbs3/GNUmakefil

    From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Fri Jun 26 01:24:22 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/32ea273f6f53272ca216a195
    Added Files:
    src/sbbs3/mail_dkim.c mail_dkim.h
    Modified Files:
    docs/v322_new.md src/sbbs3/GNUmakefile mailsrvr.cpp mailsrvr.h mailsrvr.vcxproj mime.c mime.h objects.mk sbbs_ini.c src/sbbs3/scfg/scfgindex.h scfgsrvr.c
    Log Message:
    mailsrvr: DKIM signing of outbound mail (issue #215)

    Sign outbound messages with a relaxed/relaxed rsa-sha256 DKIM-Signature
    header so receivers can authenticate them. Enabled via the [Mail]
    DKIMSign / DKIMDomain / DKIMSelector keys (and the SCFG SendMail Support
    menu); the RSA private key is loaded from ctrl/dkim_<selector>.pem and
    the matching public key is published in DNS by the sysop.

    New mail_dkim.{c,h}: streaming relaxed body hash, relaxed header canonicalization, DKIM-Signature assembly, and OpenSSL EVP signing
    (cryptlib cannot emit a raw PKCS#1 signature). This is an OpenSSL-only feature, gated on pkg-config libcrypto; without it the entry points
    compile to no-op stubs and mail goes out unsigned.

    Integration in sendmail_thread uses a two-pass render: pass 1 captures
    the message via a thread-local observer on sockprintf (nothing
    transmitted) to compute the body hash and collect the signed headers,
    then the DKIM-Signature is prepended and pass 2 transmits while
    re-hashing the body, aborting on a mismatch. mimegetboundary() gains a
    seed so both passes produce an identical MIME boundary; the MSG_KILLFILE attachment removal and the msg.subj mutation are guarded/saved so the
    capture pass has no side effects. POP3 retrieval and the
    DKIM-disabled path are byte-for-byte unchanged.

    SCFG gains DKIM Signing / Domain / Selector options under Mail Server -> SendMail Support (scfgindex.h regenerated).

    Live-validated on mail.synchro.net: Gmail reports dkim=pass, and
    dmarc=pass for a *.synchro.net From address (relaxed alignment against a
    single d=synchro.net key).

    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    (cherry picked from commit d28f2990942da53bfc96e3ed84daeac8277a41e1)

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net