https://gitlab.synchro.net/main/sbbs/-/issues/215#note_1619
No, I understand where you are coming from. I will explain.
The private key can be created with either OpenSSL or a Synchronet-based variant. This would be stored in SBBSCTRL. The public key, which would also be stored in SBBSCTRL, would require the Sysop to manually add it to their DNS configuration for their domain.
All outgoing messages would be signed with the public key and the specific selector defined within a DKIM configuration file we'd also store in SBBSCTRL.
All inbound messages would be checked for SPF, DMARC, and DKIM based upon the selector and public key incorporated in the message. If the message passes each, the message's reputation is increased. If it fails, message reputation decreases.
For example, here is a message sent via my BBS to my personal e-mail address on Gmail. I am using SendGrid for DKIM support:
Delivered-To: brklauss@gmail.com
Received: by 2002:a05:600c:19c9:0:0:0:0 with SMTP id u9csp2534343wmq;
Tue, 16 Feb 2021 15:39:59 -0800 (PST)
X-Google-Smtp-Source: ABdhPJx7xkH71Ok7TfzUHEPQwaxQwdOpjL7wj4e/53ift4wl6c0IkcQLu0eDaXB1URURWjUgJ/Vf
X-Received: by 2002:aa7:c78e:: with SMTP id n14mr23321838eds.31.1613518799034;
Tue, 16 Feb 2021 15:39:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1613518799; cv=none;
d=google.com; s=arc-20160816;
b=GxkQ31+vcB2ZSuXQ1TtXjUIMdd4hpk7Umg3IAza/hOWfEm3uyAJJP8RShg24BAgaNa
YdNLsVzUO8BN6kRz/zwuhyZpiMm1e0brZJ1PPrt8Xml+IbdIG1j9fDgnFwrJ37gl1ulR
oOSSaPXD0qz/JB+9MVBuChBSuBohvV2MNmf+V3WGWXGKhAA+UYGGIIBcF6KlOlnHiL3i
y+Vb6IMCAnRvFuRBWYXIMRPRWHBaAVC2u3QxdiTX3kEhTIKrfceTbU62QF0gXIMAdTZ8
KjJmE6zoshURsG6UcR6umEebk5BtWzYRs1xjU8C+h94IzMcCpLkhzRtzN+55IkcZVqgY
3cQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:to:message-id:subject:organization:from
:date:dkim-signature:dkim-signature;
bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;
b=WZiFmVHfCFBdxrsXt5rMgoxpCN2GjEcO9TAHesf/YTAUhR5utkTKrLUTauNcUROKxe
0EfEzSI6Gr9LfZ+PMLxMUErfTjb4MpTBhKyIZpeYSpOfc9iUTiFbGgUCDjJnIV2w92Tn
xSn/KpdpjeWuh4ePlj7DVhJ7OSUAifeFDNNN7jaqATbeaww+ob8xiEtQJL6/0GrA6UcE
KBheFJ+D58HKrBQrmaM14jcjEEgTVIDyFxWW/oPhizwqSfeB2BIeZimk1ryyWIhtOyXd
M9Kc4RqbMNQ26FcC7a3C94xFbyfA1y0lxARyUQKu7hyR5MLBF17X9AFxQNDqIHlIi405
D2Mw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@caughtinadream.com header.s=s1 header.b=dosxvfjP;
dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=dQZYKBps;
spf=pass (google.com: domain of bounces+20263340-0b30-brklauss=gmail.com@mx1.caughtinadream.com designates 149.72.167.211 as permitted sender) smtp.mailfrom="bounces+20263340-0b30-brklauss=gmail.com@mx1.caughtinadream.com";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=caughtinadream.com
Return-Path: <bounces+20263340-0b30-brklauss=gmail.com@mx1.caughtinadream.com>
Received: from wrqvxtdp.outbound-mail.sendgrid.net (wrqvxtdp.outbound-mail.sendgrid.net. [149.72.167.211])
by mx.google.com with ESMTPS id cf25si350650ejb.193.2021.02.16.15.39.58
for <brklauss@gmail.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Tue, 16 Feb 2021 15:39:58 -0800 (PST)
Received-SPF: pass (google.com: domain of bounces+20263340-0b30-brklauss=gmail.com@mx1.caughtinadream.com designates 149.72.167.211 as permitted sender) client-ip=149.72.167.211;
Authentication-Results: mx.google.com;
dkim=pass header.i=@caughtinadream.com header.s=s1 header.b=dosxvfjP;
dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=dQZYKBps;
spf=pass (google.com: domain of bounces+20263340-0b30-brklauss=gmail.com@mx1.caughtinadream.com designates 149.72.167.211 as permitted sender) smtp.mailfrom="bounces+20263340-0b30-brklauss=gmail.com@mx1.caughtinadream.com";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=caughtinadream.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=caughtinadream.com;
h=from:subject:x-feedback-id:to:content-type:content-transfer-encoding;
s=s1; bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;
b=dosxvfjPzEFqit0KF7ENjoQz7mCdIl7ZHaEawzS+iYneT0GpDvzqjxp4f0GVABVx/IJ4
gfBzUQ5GSYt6klOtJbzAKFe+dbHAA02kaCSz6e6AR37jCEvirseo5RQtDvyrDkpFIS9uQx
jX2nuQf/kYh1SQTfcs2s8bZZ6HYdXMOI0=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.info;
h=from:subject:x-feedback-id:to:content-type:content-transfer-encoding;
s=smtpapi; bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;
b=dQZYKBpsaKciWFvBWJ1xJZr7x24lS9jFLheyNdQJiA8ZOgGMJGOkJ7YMz7+FNzgXRrLA
Df3SWM0oPoKcoORBtMnt7DKiHb4O2Kwmf4PXwp81k9bE8Rygcb9WJFfPnzC/FwWyl5g1it
JeK4TDAUK2p9ur2gxR1HoN21/UJ/Ci+Ck=
Received: by filterdrecv-p3las1-c477c4585-j7t5v with SMTP id filterdrecv-p3las1-c477c4585-j7t5v-19-602C57CD-28
2021-02-16 23:39:57.325399191 +0000 UTC m=+607919.338513971
Received: from caughtinadream.com (unknown)
by ismtpd0007p1sjc2.sendgrid.net (SG) with ESMTP id tCRoSjJoQRuGrc9yiqr2mw
for <brklauss@gmail.com>; Tue, 16 Feb 2021 23:39:57.106 +0000 (UTC)
Date: Tue, 16 Feb 2021 23:39:57 +0000 (UTC)
From: Brian Klauss <Brian.Klauss@caughtinadream.com>
Organization: Caught in a Dream
Subject: Test Message
Message-ID: <602C57CB.35@caughtinadream.com>
X-Originator-Info: account=1; login-id=Dream Master; server=caughtinadream.com; client=c-73-217-59-236.hsd1.co.comcast.net; addr=73.217.59.236; prot=Telnet; port=52531; time=20210216233932Z
X-FTN-PID: Synchronet 3.18c-Linux master/5379321a7 Feb 8 2021 GCC 7.3.1
X-Feedback-ID: 20263340:SG
X-SG-EID:
=?us-ascii?Q?dkvBTF00wWJ1U=2FXqF+eOSrBY5UyTMov7GLjiYXu6uW9eVdxubzIqXmQhxj750p?=
=?us-ascii?Q?AHlCxTknN6Wcryw2H4BdSwaOapGjw50rInLGE9n?=
=?us-ascii?Q?cbGb=2Fp6oRNu=2FER9vQGHHh7kq2jDp9mcUN=2FjAJN9?=
=?us-ascii?Q?N38t19Csbjh7G+DaaDUGTeF9dz4YT2EloJvyvwf?=
=?us-ascii?Q?KHJAwiC6RL5JoCDG+Ub5g+wL8k3UfyzqTHHsFaL?=
=?us-ascii?Q?mnyEWB71sM82i0SForTI1qCKEGneHdfpNqHce1e?=
=?us-ascii?Q?kW0W83yqrzXMcV3Dl11xQ=3D=3D?=
To: brklauss <brklauss@gmail.com>
X-Entity-ID: 9SDT/t7dA4TjvOpqwqLxJQ==
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is a test message.
As you can see, the DKIM signature is part of the message envelope.
My DNS records for DKIM include the following (and because I am having it hosted on SendGrid):
s1._domainkey.caughtinadream.com CNAME s1.domainkey.u20263340.wl091.sendgrid.net
s2._domainkey.caughtinadream.com CNAME s2.domainkey.u20263340.wl091.sendgrid.net
The s1 and s2 are the selectors for the DKIM public keys.
The answer for s1 is:
s1.domainkey.u20263340.wl091.sendgrid.net. 1800 IN TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWgFE3NLmoljx9/R/iA8J2Jig76jGymxBP17FUYAA6ZBtKXqb6S05QovodpvqC0DltrJOA7IFbZCljdiTQ4QO80GzvY6w5SkYCkcS5bvUlDWSY9CsTIsZqOC8ho8QJhlcdnluwK7sOC5frHAeCBxBMMhcXvu3MZ+Qh6NcWChDGVQIDAQAB"
If the hash and key match, the message is valid. If they don't, the message isn't valid.
Did I answer everything this time?
Brian...
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
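
Added example (not part of the comment above and not Synchronet code): the checks a receiving server can run on a DKIM-Signature before any RSA verification, namely deriving the key record's DNS name from `s=` and `d=`, validating the key record tags, and recomputing the relaxed body hash. The function names are hypothetical and the sample message is constructed; only the `d=`, `s=`, `a=`, `c=`, `h=` values and the `k=rsa; t=s` record shape follow the post, and the body is assumed to use relaxed canonicalization.

```javascript
const crypto = require('crypto');

// Parse a DKIM tag=value list (same syntax in the header and the DNS key record).
function parseTags(s) {
  const tags = {};
  for (const part of s.split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;                       // empty trailing segment
    tags[part.slice(0, i).trim()] = part.slice(i + 1).replace(/\s+/g, '');
  }
  return tags;
}

// DNS name of the key record: <selector>._domainkey.<domain>
const keyQueryName = (sig) => `${sig.s}._domainkey.${sig.d}`;

// "relaxed" body canonicalization (RFC 6376 section 3.4.4), then SHA-256 in base64.
function relaxedBodyHash(body) {
  let c = body.replace(/\r?\n/g, '\r\n')
    .replace(/[ \t]+(\r\n|$)/g, '$1')          // drop whitespace at line ends
    .replace(/[ \t]+/g, ' ')                   // collapse whitespace runs
    .replace(/(\r\n)+$/, '');                  // drop empty lines at the end
  if (c.length) c += '\r\n';                   // non-empty body ends in one CRLF
  return crypto.createHash('sha256').update(c, 'latin1').digest('base64');
}

// Returns the list of failures found before signature verification would start.
function precheck(sig, key, body) {
  const errs = [];
  for (const t of ['a', 'b', 'bh', 'd', 'h', 's']) if (!sig[t]) errs.push(`missing ${t}=`);
  if (sig.v !== '1') errs.push('unsupported version');
  if (!/(^|:)from(:|$)/i.test(sig.h || '')) errs.push('From not signed');
  if (!key.p) errs.push('key revoked (empty p=)');
  if ((key.k || 'rsa') !== (sig.a || '').split('-')[0]) errs.push('key type mismatch');
  const strict = (key.t || '').split(':').includes('s');   // t=s: i= must be exactly @d=
  const idOk = !sig.i || sig.i.toLowerCase().endsWith('@' + (sig.d || '').toLowerCase());
  if (strict && !idOk) errs.push('i= subdomain not allowed by t=s');
  if (relaxedBodyHash(body) !== sig.bh) errs.push('body hash mismatch');
  return errs;
}

// Constructed sample: bh= is computed here, b= and p= are placeholders.
const body = 'This is a test message.  \r\n\r\n';
const sig = parseTags(
  'v=1; a=rsa-sha256; c=relaxed/relaxed; d=caughtinadream.com;\r\n' +
  ' h=from:subject:x-feedback-id:to:content-type:content-transfer-encoding;\r\n' +
  ` s=s1; bh=${relaxedBodyHash(body)}; b=PLACEHOLDER`);
const key = parseTags('k=rsa; t=s; p=PLACEHOLDERKEY');

console.log(keyQueryName(sig), precheck(sig, key, body), precheck(sig, key, body + 'tampered\r\n'));
```

A message that passes these checks still needs the `b=` signature verified against the `p=` key over the canonicalized headers listed in `h=`.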