Skip to main content


msys.validate.opendkim.sign — Sign a message using OpenDKIM


msys.validate.opendkim.sign(msg, vctx, options)

msg: userdata, ec_message type
vctx: userdata, validate_context type
options: table, optional


**Configuration Change. ** This function is available as of version 3.6.

This function requires the opendkim module. This function requires the opendkim module. msg is a mail message. vctx is the validation context. It signs the message msg using a signature generated by OpenDKIM. options is a table which allows the caller to override the following options:

  • base_domain/signing_domain override the default signing domain. These two parameters are synonyms for one another, each will have the same effect.

  • header_canon – override the default header canonicalization setting.

  • body_canon – override the default body canonicalization setting.

  • digest – override the default digest setting.

  • headerlist – override the default list of headers to sign.

  • identity – override the default signing identity.

  • selector – override the default signing selector

  • keyfile – override the default signing key file, which may be parameterized as defined in “dkim – DomainKeys Identified Mail Signatures”.

  • keybuf – override the default signing key. This hash entry must contain the PEM encoded private key to use for signing the messages. This must be a contiguous string, with no line breaks and no white space, without the BEGIN and END tags that are found in the key file itself. The format is similar to the format used to store the public key in the DKIM DNS records.

  • body_length_limit – override the default body_length_limit setting.


local mod ={};

function mod:core_final_validation(msg, accept, vctx)
  local responsible = table.concat(msg:address_header('Sender'), ' ')
  if responsible == nil then
    responsible = table.concat(msg:address_header('From'), ' ')

  if (string.find(responsible, '', 1)) then
    local base_domain = '';
    local header_canon = 'relaxed';
    local body_canon = 'relaxed';
    local digest = 'rsa-sha1';
    local identity = '\';
    local selector = 'dkim-s1024';
    local key_file = '/opt/msys/ecelerity/etc/conf/default/dk/';
    local body_length_limit = 0;

    local options = {};
    options["base_domain"] = base_domain
    options["header_canon"] = header_canon
    options["body_canon"] = body_canon
    options["digest"] = digest
    options["selector"] = selector
    options["keyfile"] = key_file
    options["identity"] = identity

    msys.validate.opendkim.sign(msg, vctx, options);
  return msys.core.VALIDATE_CONT;

msys.registerModule("automation", mod);


This function should only be invoked during the core_final_validation hook.

Enable this function with the statement require('msys.validate.opendkim');.

See Also

Was this page helpful?