The dk-milter package is an open source implementation of the DomainKeys

sender authentication system proposed by Yahoo!, Inc.

mail/dk-milter/Makefile

@@ -0,0 +1,28 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+
+COMMENT=	"DomainKeys milter"
+
+DISTNAME=	dk-milter-0.4.1
+PKGNAME=	${DISTNAME}
+CATEGORIES=	mail
+HOMEPAGE=	http://sourceforge.net/projects/dk-milter/
+
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=dk-milter/}
+
+# sendmail open source license
+PERMIT_PACKAGE_CDROM=		Patent
+PERMIT_PACKAGE_FTP=		Yes
+PERMIT_DISTFILES_CDROM=		Patent
+PERMIT_DISTFILES_FTP=		Yes
+
+WANTLIB=	c pthread milter
+
+EXAMPLESDIR=	share/examples/dk-milter
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/obj.*/dk-filter/dk-filter ${PREFIX}/libexec
+	${INSTALL_MAN} ${WRKSRC}/dk-filter/dk-filter.8 ${PREFIX}/man/man8
+	${INSTALL_DATA_DIR} ${PREFIX}/${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/dk-filter/gentxt.csh ${PREFIX}/${EXAMPLESDIR}
+
+.include <bsd.port.mk>

mail/dk-milter/distinfo

@@ -0,0 +1,4 @@
+MD5 (dk-milter-0.4.1.tar.gz) = ec5f4fa17d53a2f39ebb0025caccabe0
+RMD160 (dk-milter-0.4.1.tar.gz) = fc75a6884b91466e97fd4830107baa43777f768b
+SHA1 (dk-milter-0.4.1.tar.gz) = aec7e89dabe88fd277708bbb95bc02d48c305d79
+SIZE (dk-milter-0.4.1.tar.gz) = 313092

mail/dk-milter/patches/patch-dk-filter_dk-filter_8

@@ -0,0 +1,11 @@
+$OpenBSD: patch-dk-filter_dk-filter_8,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+--- dk-filter/dk-filter.8.orig	Thu May 25 20:38:49 2006
++++ dk-filter/dk-filter.8	Mon Jun 19 23:13:43 2006
+@@ -172,6 +172,7 @@ See also the NOTES section below.
+ Attempts to be come the specified
+ .I userid
+ before starting operations.
++The default is to change user to _dk-milter.
+ .TP
+ .I -U popdb
+ Requests that the filter consult a POP authentication database for IP

mail/dk-milter/patches/patch-dk-filter_dk-filter_c

@@ -0,0 +1,33 @@
+$OpenBSD: patch-dk-filter_dk-filter_c,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+--- dk-filter/dk-filter.c.orig	Fri May 19 23:42:05 2006
++++ dk-filter/dk-filter.c	Tue Jun 20 09:03:16 2006
+@@ -2782,7 +2782,7 @@ main(int argc, char **argv)
+ 	const char *args = CMDLINEOPTS;
+ 	FILE *f;
+ 	char *be = NULL;
+-	char *become = NULL;
++	char *become = "_dk-milter";
+ 	char *domlist = NULL;
+ 	char *mtalist = NULL;
+ 	char *p;
+@@ -3492,6 +3492,20 @@ main(int argc, char **argv)
+ 		}
+ 
+ 		(void) endpwent();
++
++		if (setgid(pw->pw_gid) != 0)
++		{
++			if (dolog)
++			{
++				syslog(LOG_ERR, "setgid(): %s",
++				       strerror(errno));
++			}
++
++			fprintf(stderr, "%s: setgid(): %s\n", progname,
++			        strerror(errno));
++
++			return EX_NOPERM;
++		}
+ 
+ 		if (setuid(pw->pw_uid) != 0)
+ 		{

mail/dk-milter/pkg/DESCR

@@ -0,0 +1,2 @@
+The dk-milter package is an open source implementation of the DomainKeys
+sender authentication system proposed by Yahoo!, Inc.

mail/dk-milter/pkg/MESSAGE

@@ -0,0 +1,57 @@
+(1) Configure sendmail:
+  (a) Choose a socket at which the MTA and the filter will rendezvous
+      (see the documentation in libmilter for details)
+  (b) Add a line like this example to your sendmail.mc using your desired
+      socket specification:
+	INPUT_MAIL_FILTER(`dk-filter', `S=inet:8891@localhost')
+  (c) Rebuild your sendmail.cf in the usual way
+
+(2) Choose a selector name.  Current convention is to use the hostname
+    (hostname only, not the fully-qualified domain name) of the host that
+    will be providing the service, but you are free to choose any name you
+    wish, especially if you have a selector assignment scheme in mind.
+
+(3) Either:
+  (a) Run the script gentxt.csh.  This will generate a public and private
+      key in PEM format and output a TXT record appropriate for insertion
+      into your DNS zone file.  Insert it in your zone file and reload your
+      DNS system so the data is published.
+	-OR-
+  (b) Manually generate a public and private key:
+    (i)   % openssl genrsa -out rsa.private 512
+    (ii)  % openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
+    (iii) Add a TXT DNS record containing the base64 encoding of your public
+          key, which is everything between the BEGIN and END lines in the
+          rsa.public file generated above, with spaces and newlines removed.
+          It should be in this form:
+
+	  "g=; k=rsa; t=y; p=MFwwDQYJ...AwEAAQ=="
+
+          ...using, of course, your own public key's base64 data.  The name of
+          the TXT record should be SELECTOR._domainkey.example.com (where
+          "SELECTOR" is the name you chose and "example.com" is your domain
+          name).  You might want to set a short TTL on this record.  Reload
+          your nameserver so that the record gets published.  For a translation
+          of the parameter and value pairs shown here, see the draft spec;
+          basically this just announces an RSA public key and also declares
+          that your site is using this key in test mode so nobody should take
+          any real action based on success or failure of the use of this key to
+          verify a message.
+
+(4) Store the private key in a safe place.  We generally use a path like
+    /var/db/domainkeys/SELECTOR.key.pem (where "SELECTOR" is the name you
+    chose).
+
+(5) Start dk-filter.  You will need at least the "-p" option.  The current
+    recommended set of command line options is:
+
+	-l -p SOCKETSPEC -d DOMAIN -s KEYPATH -S SELECTOR
+
+    ...where SOCKETSPEC is the socket you told sendmail to use above,
+    DOMAIN is the domain or set of domains for which you want to sign
+    mail, KEYPATH is the path to the private key file you generated, and
+    SELECTOR is the selector name you picked.  You can tack "-f" on there
+    if you want it to run in the foreground instead of in the background
+    as a daemon.
+
+(7) Restart sendmail.

mail/dk-milter/pkg/PLIST

@@ -0,0 +1,7 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+@newgroup _dk-milter:567
+@newuser _dk-milter:567:_dk-milter:daemon:dk-milter Account:/nonexistent:/sbin/nologin
+libexec/dk-filter
+@man man/man8/dk-filter.8
+share/examples/dk-milter/
+share/examples/dk-milter/gentxt.csh