This page documents PhoenixDKIM, a maintained fork of OpenDKIM. Options may differ from the original.
NAME
phoenixdkim-testmsg - DKIM message test tool
SYNOPSIS
phoenixdkim-testmsg [-C] [-d domain] [-K] [-k keypath] [-s selector] [-t path] [-v]
DESCRIPTION
phoenixdkim-testmsg signs or verifies an input message. This is similar to the test mode for phoenixdkim(8) except that it does not use the same configuration system or milter interface. Rather, it is a direct access to the DKIM library with those functions out of the way.
The message is read from standard input. In signing mode, the complete signed message will then be written to standard output. When verifying, there will be no output on success unless -v is given, in which case a summary of the signature that was evaluated is printed; a verification failure is always reported and reflected in the exit status.
To sign a message, the -d, -k and -s options must all be provided. If all of them are absent, the input message will be verified. If some but not all are present, an error is returned.
Both RSA and Ed25519 private keys are supported.
OPTIONS
|
-C |
If specified, the signature header field generated in signing mode will be line-terminated with carriage-return line-feed, instead of just line-feed. |
-d domain
Names the domain in which signing is to be done. More specifically, names the domain in which the public key matching the provided private key would be found in a live test.
|
-K |
Arranges to keep temporary files generated during message canonicalization for debugging purposes. |
-k keypath
Specifies the path to the private key file which should be used to sign the input message.
-s selector
Names the selector within the specified domain that should be included in the signature.
-t path
Specifies the directory in which temporary files are to be created. The default is /tmp.
|
-v |
Increases verbosity. In verify mode this reports, for the signature that was evaluated, the signing domain and selector, the signing algorithm, the header and body canonicalization pair, the key size, whether the body hash matched, the signature timestamp, the DNSSEC disposition of the key record, and the overall pass/fail result. |
EXIT STATUS
In verify mode the exit status is EX_OK (0) when the signature verifies and EX_DATAERR (65) when a signature was evaluated but did not pass (bad signature, missing or revoked key). A message carrying no signature, along with other library and I/O errors, yields one of the other sysexits (3) codes.
VERSION
This man page covers the version of phoenixdkim-testmsg that shipped with version 1.0.0 of PhoenixDKIM.
COPYRIGHT
Copyright (c)
2009-2015, The Trusted Domain Project.
Copyright (c) 2026, PhoenixDKIM contributors.
All rights reserved.
SEE ALSO
phoenixdkim(8), phoenixdkim-genkey(8), phoenixdkim-testkey(8)
RFC 6376 - DomainKeys Identified Mail
RFC 8463 - A New Cryptographic Signature Method for DomainKeys Identified Mail (Ed25519)
This document was generated from the PhoenixDKIM 1.0.0 manual pages using groff.
Time: Thu Jun 4 22:15:06 2026