$ doas pkg_add dkimproxy
$ openssl genrsa -out ~/private.key 1024
$ openssl rsa -in ~/private.key -pubout -out ~/public.key
$ doas mkdir /etc/dkimproxy
$ doas mv ~/{public,private}.key /etc/dkimproxy/
$ doas chown -R _dkimproxy:_dkimproxy /etc/dkimproxy*
/etc/dkimproxy_out.conf:
# specify what address/port DKIMproxy should listen on
listen 127.0.0.1:10027
# specify what address/port DKIMproxy forwards mail to
relay 127.0.0.1:10028
# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain ircnow.org,mail.ircnow.org,lecturify.com
# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
# specify location of the private key
keyfile /etc/dkimproxy/private.key
# specify the selector (i.e. the name of the key record put in DNS)
selector mail1
# control how many processes DKIMproxy uses
# - more information on these options (and others) can be found by
# running `perldoc Net::Server::PreFork'.
#min_servers 5
#min_spare_servers 2
reject-error
$ doas rcctl enable dkimproxy_out
$ doas rcctl start dkimproxy_out