Skip to main content


Last updated March 2020


msys.validate.opendkim.sign — Sign a message using OpenDKIM


msys.validate.opendkim.sign(msg, vctx, options)

msg: userdata, ec_message type
vctx: userdata, validate_context type
options: table, optional


This function signs a message using a signature generated by OpenDKIM. It requires the opendkim module.

Enable this function with the statement require('msys.validate.opendkim');.

It takes the following parameters:

  • msg – mail message to sign

  • vctx – validation context

  • options – table that allows the caller to override the following options:

    • base_domain/signing_domain – default signing domain

      These two parameters are synonyms for one another, each will have the same effect.

    • header_canon – default header canonicalization setting

    • body_canon – default body canonicalization setting

    • digest – default digest setting

    • headerlist – default list of headers to sign

    • identity – default signing identity

    • selector – default signing selector

    • keyfile – default signing key file, which may be parameterized as defined in “opendkim – Open Source DKIM”)

    • keybuf – default signing key

      This hash entry must contain the PEM encoded private key to use for signing the messages. This must be a contiguous string, with no line breaks and no white space, without the BEGIN and END tags that are found in the key file itself. The format is similar to the format used to store the public key in the DKIM DNS records.

    • body_length_limit – default body_length_limit setting


This function should only be invoked during the core_final_validation hook.


local mod ={};

function mod:core_final_validation(msg, accept, vctx)
  local responsible = table.concat(msg:address_header('Sender'), ' ')
  if responsible == nil then
    responsible = table.concat(msg:address_header('From'), ' ')

  if (string.find(responsible, '', 1)) then
    local base_domain = '';
    local header_canon = 'relaxed';
    local body_canon = 'relaxed';
    local digest = 'rsa-sha1';
    local identity = '\';
    local selector = 'dkim-s1024';
    local key_file = '/opt/msys/ecelerity/etc/conf/default/dk/';
    local body_length_limit = 0;

    local options = {};
    options["base_domain"] = base_domain
    options["header_canon"] = header_canon
    options["body_canon"] = body_canon
    options["digest"] = digest
    options["selector"] = selector
    options["keyfile"] = key_file
    options["identity"] = identity

    msys.validate.opendkim.sign(msg, vctx, options);
  return msys.core.VALIDATE_CONT;

msys.registerModule("automation", mod);

See Also

Was this page helpful?