DomainKey signature verification plugin for qpsmtpd


SMTP is traditionally vulnerable to forgery of the sender's email address; unfortunately, this weakness is often exploited by spammers, virus writers and con-artists to cover their tracks or fool their prey. While the WWW has had SSL to protect its users from malicious forgery, email servers have had little recourse. DomainKeys is one of a few standards track Internet protocols designed to prevent such forgery at the SMTP level.

This plugin uses the Mail::DomainKeys perl library to verify incoming DomainKey signed mail for qpsmtpd.


domainkeys hooks into the data_post segment of the SMTP transaction. Once given a reference to the RFC2822 data, it coerces it as requested by the sender, then validates the embedded RSA signature. Messages that are signed correctly by the sending domain's private key are allowed to continue on their way. Messages that do not pass are rejected when requested by the sender's domain.


  1. Install the Mail::DomainKeys perl library.
  2. Untar the sources:
  3. # tar -zxf domainkeys-0.90.tar.gz
  4. Change into the source directory:
    # cd domainkeys-0.90
  5. Install it:
  6. # cp domainkeys /path/to/qpsmtpd/plugins/
  7. Add the following as the last line in the plugins config:
  8. # echo "domainkeys" >>/path/to/qpsmtpd/config/plugins
  9. Restart qpsmtpd.

Configuration Directives: