Hi,I configured my mail server to sign outgoing emails with domainkeys, but I don't know how to sign mails sent with php mail()
I'm using ubuntu server with postfix.
Any ideas?

Denes

Try something like this:

$headers .= "DomainKey-Signature: a=rsa-sha1; s=mail; d=mydomain.com; h=From; q=dns; c=simple; b=$dkey;\n";

$success = mail( $to , $subject , $body , $headers );

Where the $dkey should be the signature, right? But how do I get the signature?

Denes

I think this could be the contents of your public key.

I don't get it. Souldn't the mail be signed with the key? You just attach it to the header?

Denes

I'm not sure, I haven't tried this yet...

falco, no offence but what was the point in responding to a thread when you have no idea what your're talking about?

There is more to signing than what falko is offering, what happens with domain keys is actually a cryptographic procedure, you have two keys the public and private key, the mail gets signed using a private key, and the recipient then verifies the email using the public key in DNS.

The header that is added is a values obtained by signing the email message openssl dgst -sign rsa.private -sha1 <input.file

The problem is this value will be incorrect as the email has not been handed to the MTA yet, the MTA could modify the format of the email meaning all your emails will be rejected at the destination as the verification will fail due to modification by the MTA.

There are option two options i recommend

1. Point PHP to use an MTA and let the MTA do the signing
2. Use a PHP class that uses SMTP instead of using the mail command.

Take a read at the RFC's if you want to get more clued up on it.

http://tools.ietf.org/html/rfc4870 (Domainkeys)
http://tools.ietf.org/html/rfc4871 (DKIM)

falco, no offence but what was the point in responding to a thread when you have no idea what your're talking about?
I haven't tried PHP's mail() function with DomainKeys, but I've found the contents from my first post in this thread (#2) on another site. That's why I tried to help - not sure if this is a bad thing. Of course, I could've left your post unanswered, but I think that would've left you more frustrated. I'm just trying to be nice...