March 26, 2020 Contributors


msys.validate.opendkim.verify — Verify a DKIM signature



msg: userdata, ec_message type


**Configuration Change. ** This function is available as of version 3.6.

This function requires the opendkim module. It verifies a DKIM signature and returns a DKIM handle to context-specific information about the message. Typically you would pass the return value of this function to other functions such as msys.validate.opendkim.get_num_sigs and msys.validate.opendkim.get_sig.

local mod = {};

function mod:validate_data(msg, accept, vctx)
  local num = 0;
  local stat;
  local dkim_sig;
  local dkim = msys.validate.opendkim.verify(msg);
  num, stat = msys.validate.opendkim.get_num_sigs(dkim);
  -- create loop controlled by num 
  if num > 0 then
    for i = 0, num-1 do
      dkim_sig = msys.validate.opendkim.get_sig(dkim, i);
      -- now do something with the signature
      local size = msys.validate.opendkim.get_sig_keysize(dkim_sig);
      if size < 1024 then
  return msys.core.VALIDATE_CONT;
msys.registerModule("test_opendkim", mod);


This function should only be invoked in the validate_data validation phase.

This function also returns the DKIM status (DKIM_STAT). DKIM_STAT can be any one of the following values:

  • DKIM_STAT_OK – successful completion

  • DKIM_STAT_BADSIG – signature did not match headers and body

  • DKIM_STAT_NOSIG – no signature present

  • DKIM_STAT_NOKEY – no key available for verifying

  • DKIM_STAT_CANTVRFY – can’t get key for verifying

  • DKIM_STAT_SYNTAX – message is not in valid syntax

  • DKIM_STAT_NORESOURCE – resource unavailable

  • DKIM_STAT_INTERNAL – internal error

  • DKIM_STAT_REVOKED – signing key revoked

  • DKIM_STAT_INVALID – invalid parameter(s)

  • DKIM_STAT_NOTIMPLEMENT – function not implemented

  • DKIM_STAT_KEYFAIL – key retrieval failed (try again later)

  • DKIM_STAT_CBREJECT – callback requested message rejection

  • DKIM_STAT_CBTRYAGAIN – callback can’t complete (try again later)

  • DKIM_STAT_CBERROR – unspecified callback error

Enable this function with the statement require('msys.validate.opendkim');.

See Also

msys.validate.opendkim.get_sig_canons, msys.validate.opendkim.sign, msys.validate.opendkim.get_num_sigs, msys.validate.opendkim.get_sig, msys.validate.opendkim.get_sig_domain, msys.validate.opendkim.get_sig_selector, msys.validate.opendkim.get_sig_errorstr, msys.validate.opendkim.get_sig_flags, msys.validate.opendkim.get_sig_identity, msys.validate.opendkim.get_sig_keysize, msys.validate.opendkim.get_sig_signalg, msys.validate.opendkim.get_sig_hdrsigned, msys.validate.opendkim.get_sig_canons, “opendkim – OpenDKIM module” and “dkim – DomainKeys Identified Mail Signatures”