Feature changed by: Peter Varkoly (varkoly) Feature #310517, revision 12 Title: DKIM and DomainKeys support openSUSE-11.4: Rejected by Milisav Radmanic (radmanic) reject date: 2011-04-21 15:13:54 reject reason: 11.4 is obviously already released Priority Requester: Desirable Info Provider: (Novell) Requested by: Peter Bowen (pzb) Product Manager: (Novell) Project Manager: (Novell) Engineering Manager: (Novell) Developer: (Novell) Technical Contact: (Novell) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. References: packages: yast2-mail postfix Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. + #6: Peter Varkoly (varkoly) (2011-06-08 13:54:32) + Now I've analyzed the possibilities how to integrate DKIM into our mail + setup. There is a big difference between using DKIM to verify incoming + messages and using DKIM to sign outbound messages. Furthermore there + are different ways to implement both solutions. + 1. amavisd-new uses the perl DKIM module for both incoming and outbound + messages. + 2. There is a dkim-proxy module which can be used as smtp proxy for + both incoming and outbound messages. + 3. There is a dkim-filter module wich can be used as smtpd_milters. + 4. SpamAssassin can score DKIM signed mails. + The implementation of using DKIM to verify incoming messages is very + simple using 4.: + * Configuring postfix to use amavisd + * Installing perl-Mail-DKIM + * Set some rules in spamassassin + Implementation of signing outbound messages is very complex + * Configuring postfix to provide a service for verified outbounding + mails. This can be "submission" or a smtp port on a dedicated IP- + address. This service must only accept autorized mails (sasl, + mynetwork). + * This service must bypass the authorized mails to a service which can + sign this mail. The signing can be amavis, dkim-proxy or dkim-filter. + * The signing service must be configured too. E.a. the domain key must + be generated and the public key of the domain key must be published via + dns. + * In case of having DNS server on the same server or in ldap we can + create the neccessary DNS TXT Record too via YaPI::DNSD + * Having more mail domains we can define for each domain a separate + key. In any case we have to define which key will be used for which + domain. + * It is also possible to define more secure keys which can assigned to + user. + The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11. + Only if we'll use dkim-filter we need a ney package for SLE11. -- openSUSE Feature: https://features.opensuse.org/310517