Feature changed by: Ihno Krumreich (ihno) Feature #310517, revision 22 Title: DKIM and DomainKeys support openSUSE-11.4: Rejected by Milisav Radmanic (radmanic) reject date: 2011-04-21 15:13:54 reject reason: 11.4 is obviously already released Priority Requester: Desirable Requested by: Peter Bowen (pzb) Product Manager: Federico Lucifredi (flucifredi) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. References: packages: yast2-mail postfix Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. #6: Peter Varkoly (varkoly) (2011-06-08 13:54:32) Now I've analyzed the possibilities how to integrate DKIM into our mail setup. There is a big difference between using DKIM to verify incoming messages and using DKIM to sign outbound messages. Furthermore there are different ways to implement both solutions. 1. amavisd-new uses the perl DKIM module for both incoming and outbound messages. 2. There is a dkim-proxy module which can be used as smtp proxy for both incoming and outbound messages. 3. There is a dkim-filter module wich can be used as smtpd_milters. 4. SpamAssassin can score DKIM signed mails. The implementation of using DKIM to verify incoming messages is very simple using 4.: * Configuring postfix to use amavisd * Installing perl-Mail-DKIM * Set some rules in spamassassin Implementation of signing outbound messages is very complex * Configuring postfix to provide a service for verified outbounding mails. This can be "submission" or a smtp port on a dedicated IP- address. This service must only accept autorized mails (sasl, mynetwork). * This service must bypass the authorized mails to a service which can sign this mail. The signing can be amavis, dkim-proxy or dkim-filter. * The signing service must be configured too. E.a. the domain key must be generated and the public key of the domain key must be published via dns. * In case of having DNS server on the same server or in ldap we can create the neccessary DNS TXT Record too via YaPI::DNSD * Having more mail domains we can define for each domain a separate key. In any case we have to define which key will be used for which domain. * It is also possible to define more secure keys which can assigned to user. The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11. Only if we'll use dkim-filter we need a ney package for SLE11. Release Notes: Activating DKIM Support Solution: After a new installation of SLES-11-SP2 this new feature is enabled when the mail system was configured with using amavis. Updating from SLES-11-SP1 this feature must be enabled by editing - /etc/mail/spamassassin/v312.pre The comment sign # must be removed from - the last line: + /etc/mail/spamassassin/v312.pre . The comment sign # must be removed + from the last line: before: #loadplugin Mail::SpamAssassin::Plugin::DKIM after: loadplugin Mail::SpamAssassin::Plugin::DKIM -- openSUSE Feature: https://features.opensuse.org/310517