Mailinglist Archive: opensuse-features (157 mails)
[openFATE 310517] DKIM and DomainKeys support
- From: fate_noreply@xxxxxxx
- Date: Wed, 7 Mar 2012 13:09:50 +0100 (CET)
- Message-id: <feature-310517-23@keeper.suse.de>
Feature changed by: Karl Eichwalder (keichwa)
Feature #310517, revision 23
Title: DKIM and DomainKeys support
openSUSE-11.4: Rejected by Milisav Radmanic (radmanic)
reject date: 2011-04-21 15:13:54
reject reason: 11.4 is obviously already released
Priority
Requester: Desirable
Requested by: Peter Bowen (pzb)
Product Manager: Federico Lucifredi (flucifredi)
Partner organization: openSUSE.org
Description:
Most of the large email service providers (gmail, yahoo, hotmail/live,
aol, ...) are using DKIM checking as part of their anti-spam filtering
systems. We should make it very easy for users to configure their mail
server to sign mail as it goes out.
References:
packages: yast2-mail postfix
Business case (Partner benefit):
openSUSE.org: DKIM is now widely adopted by all major E-Mail providers
and is considered a key check in anti-spam systems. While many people
and organizations deploy one of the big integrated mail solutions or
use a hosted solution, some just want good, old, plain SMTP. We should
help these people to get the highest level of security directly with their
operating system of choice.
Discussion:
#4: Masim Sugianto (vavai) (2010-09-19 02:09:42)
It would be great to integrate DKIM and DomainKeys support into
openSUSE.
#6: Peter Varkoly (varkoly) (2011-06-08 13:54:32)
Now I've analyzed the possibilities how to integrate DKIM into our mail
setup. There is a big difference between using DKIM to verify incoming
messages and using DKIM to sign outbound messages. Furthermore there
are different ways to implement both solutions.
1. amavisd-new uses the perl DKIM module for both incoming and outbound
messages.
2. There is a dkim-proxy module which can be used as smtp proxy for
both incoming and outbound messages.
3. There is a dkim-filter module which can be used as smtpd_milters.
4. SpamAssassin can score DKIM signed mails.
The implementation of using DKIM to verify incoming messages is very
simple using 4.:
* Configuring postfix to use amavisd
* Installing perl-Mail-DKIM
* Set some rules in spamassassin
Implementation of signing outbound messages is very complex
* Configuring postfix to provide a service for verified outbound
mails. This can be "submission" or a smtp port on a dedicated
IP-address. This service must only accept authorized mails (sasl,
mynetwork).
* This service must bypass the authorized mails to a service which can
sign this mail. The signing can be amavis, dkim-proxy or dkim-filter.
* The signing service must be configured too. E.g. the domain key must
be generated and the public key of the domain key must be published via
dns.
* In case of having DNS server on the same server or in ldap we can
create the necessary DNS TXT Record too via YaPI::DNSD
* Having more mail domains we can define for each domain a separate
key. In any case we have to define which key will be used for which
domain.
* It is also possible to define more secure keys which can be assigned to
a user.
The modules perl-Mail-DKIM and dkimproxy are already part of SLE11.
Only if we'll use dkim-filter we need a new package for SLE11.
Release Notes: Activating DKIM Support
Solution:
- After a new installation of SLES-11-SP2 this new feature is enabled
- when the mail system was configured with using amavis.
- Updating from SLES-11-SP1 this feature must be enabled by editing
+ After a new installation of SLES 11 SP2 this feature is enabled, if the
+ mail system is configured with using amavis.
+ When updating from SLES 11 SP1 this feature must be enabled by editing
/etc/mail/spamassassin/v312.pre . The comment sign # must be removed
- from the last line:
- before:
+ from the last line. Before:
#loadplugin Mail::SpamAssassin::Plugin::DKIM
- after:
+ After:
loadplugin Mail::SpamAssassin::Plugin::DKIM
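Review bot: in the added line "mail system is configured with using amavis", "with using" is still ungrammatical; "configured to use amavis" reads correctly. The text also identifies the line to change only as "the last line" of /etc/mail/spamassassin/v312.pre, which stops being true once anything is appended to that file; since the Before/After lines already quote it, the instruction could say "the line that loads Mail::SpamAssassin::Plugin::DKIM". Comment #6 lists installing perl-Mail-DKIM as a step for verifying incoming mail, so the upgrade path should say whether that package has to be installed as well.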
--
openSUSE Feature:
https://features.opensuse.org/310517
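
Comment #6 notes that the public half of each domain key has to be published as a DNS TXT record, with one key per mail domain. The following is an added example, not code from openSUSE, yast2-mail or the feature discussion: it builds the `<selector>._domainkey.<domain>` record from a PEM public key and splits it into 255-byte strings. The domains, selectors and key bytes are constructed placeholders, and an RSA key (`k=rsa`) is assumed.

```python
import base64
import re

def pem_to_p_tag(pem: str) -> str:
    """Strip PEM armor and whitespace; p= carries the bare base64 key."""
    body = re.sub(r"-----(BEGIN|END) PUBLIC KEY-----", "", pem)
    b64 = "".join(body.split())
    base64.b64decode(b64, validate=True)  # reject damaged key material early
    return b64

def dkim_txt_record(domain: str, selector: str, pem: str) -> str:
    """Zone-file line for <selector>._domainkey.<domain>."""
    value = f"v=DKIM1; k=rsa; p={pem_to_p_tag(pem)}"
    # One TXT character-string holds at most 255 bytes, so a 2048-bit
    # key is split into several strings that verifiers concatenate.
    chunks = [value[i:i + 255] for i in range(0, len(value), 255)]
    quoted = " ".join(f'"{c}"' for c in chunks)
    return f"{selector}._domainkey.{domain}. IN TXT ( {quoted} )"

def parse_txt_value(record: str) -> dict:
    """Rejoin the quoted strings and split the tag list, as a verifier would."""
    value = "".join(re.findall(r'"([^"]*)"', record))
    tags = {}
    for part in value.split(";"):
        if part.strip():
            key, val = part.split("=", 1)
            tags[key.strip()] = val.strip()
    return tags

def constructed_pem(der: bytes) -> str:
    """Wrap arbitrary bytes in PEM armor (sample input only, not a real key)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines, "-----END PUBLIC KEY-----"])

# Constructed sample: 294 bytes is the size of a 2048-bit RSA public key in DER.
SAMPLE_DER = bytes(range(256)) + bytes(38)
# One selector and key per mail domain (hypothetical names).
DOMAIN_KEYS = {
    "example.org": ("mail2012", constructed_pem(SAMPLE_DER)),
    "example.net": ("mail2012b", constructed_pem(SAMPLE_DER[::-1])),
}

def build_records(domain_keys: dict) -> list:
    return [dkim_txt_record(d, sel, pem) for d, (sel, pem) in domain_keys.items()]

if __name__ == "__main__":
    for line in build_records(DOMAIN_KEYS):
        print(line)
```

Parsing the published record back with `parse_txt_value` and comparing `p` against the key the signer uses catches a truncated or mis-split record before outbound mail starts failing verification.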