Feature changed by: Peter Bowen (pzb) Feature #310517, revision 3 Title: DKIM and DomainKeys support openSUSE-11.4: Evaluation Priority Requester: Desirable Info Provider: (Novell) - Info Provider: (Novell) Requested by: Peter Bowen (pzb) Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. -- openSUSE Feature: https://features.opensuse.org/310517

Feature changed by: Masim Sugianto (vavai) Feature #310517, revision 5 Title: DKIM and DomainKeys support openSUSE-11.4: Evaluation Priority Requester: Desirable Info Provider: (Novell) Requested by: Peter Bowen (pzb) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. + Discussion: + #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) + It would be great to integrating DKIM and DomainKeys support into + openSUSE. -- openSUSE Feature: https://features.opensuse.org/310517

Feature changed by: Milisav Radmanic (radmanic) Feature #310517, revision 9 Title: DKIM and DomainKeys support openSUSE-11.4: Evaluation by product manager Priority Requester: Desirable Info Provider: (Novell) Requested by: Peter Bowen (pzb) Product Manager: (Novell) Project Manager: (Novell) Engineering Manager: (Novell) + Developer: (Novell) Technical Contact: (Novell) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. -- openSUSE Feature: https://features.opensuse.org/310517

Feature changed by: Milisav Radmanic (radmanic) Feature #310517, revision 11 Title: DKIM and DomainKeys support - openSUSE-11.4: Evaluation by product manager + openSUSE-11.4: Rejected by Milisav Radmanic (radmanic) + reject date: 2011-04-21 15:13:54 + reject reason: 11.4 is obviously already released Priority Requester: Desirable Info Provider: (Novell) Requested by: Peter Bowen (pzb) Product Manager: (Novell) Project Manager: (Novell) Engineering Manager: (Novell) Developer: (Novell) Technical Contact: (Novell) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. References: packages: yast2-mail postfix Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. -- openSUSE Feature: https://features.opensuse.org/310517

Feature changed by: Peter Varkoly (varkoly) Feature #310517, revision 16 Title: DKIM and DomainKeys support openSUSE-11.4: Rejected by Milisav Radmanic (radmanic) reject date: 2011-04-21 15:13:54 reject reason: 11.4 is obviously already released Priority Requester: Desirable Requested by: Peter Bowen (pzb) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. References: packages: yast2-mail postfix Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. #6: Peter Varkoly (varkoly) (2011-06-08 13:54:32) Now I've analyzed the possibilities how to integrate DKIM into our mail setup. There is a big difference between using DKIM to verify incoming messages and using DKIM to sign outbound messages. Furthermore there are different ways to implement both solutions. 1. amavisd-new uses the perl DKIM module for both incoming and outbound messages. 2. There is a dkim-proxy module which can be used as smtp proxy for both incoming and outbound messages. 3. There is a dkim-filter module wich can be used as smtpd_milters. 4. SpamAssassin can score DKIM signed mails. The implementation of using DKIM to verify incoming messages is very simple using 4.: * Configuring postfix to use amavisd * Installing perl-Mail-DKIM * Set some rules in spamassassin Implementation of signing outbound messages is very complex * Configuring postfix to provide a service for verified outbounding mails. This can be "submission" or a smtp port on a dedicated IP- address. This service must only accept autorized mails (sasl, mynetwork). * This service must bypass the authorized mails to a service which can sign this mail. The signing can be amavis, dkim-proxy or dkim-filter. * The signing service must be configured too. E.a. the domain key must be generated and the public key of the domain key must be published via dns. * In case of having DNS server on the same server or in ldap we can create the neccessary DNS TXT Record too via YaPI::DNSD * Having more mail domains we can define for each domain a separate key. In any case we have to define which key will be used for which domain. * It is also possible to define more secure keys which can assigned to user. The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11. Only if we'll use dkim-filter we need a ney package for SLE11. + Release Notes: Activating DKIM support. + Solution: + After a new installation of SLES-11-SP2 this new feature is enabled + when the mail system was configured with using amavis. + Making an update from SLES-11-SP1 this feature must be enabled by + editing the file: /etc/mail/spamassassin/v312.pre The comment sign '#' + must be removed in the last line: + befor: #loadplugin Mail::SpamAssassin::Plugin::DKIM after: loadplugin + Mail::SpamAssassin::Plugin::DKIM -- openSUSE Feature: https://features.opensuse.org/310517

Feature changed by: Karl Eichwalder (keichwa) Feature #310517, revision 19 Title: DKIM and DomainKeys support openSUSE-11.4: Rejected by Milisav Radmanic (radmanic) reject date: 2011-04-21 15:13:54 reject reason: 11.4 is obviously already released Priority Requester: Desirable Requested by: Peter Bowen (pzb) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. References: packages: yast2-mail postfix Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. #6: Peter Varkoly (varkoly) (2011-06-08 13:54:32) Now I've analyzed the possibilities how to integrate DKIM into our mail setup. There is a big difference between using DKIM to verify incoming messages and using DKIM to sign outbound messages. Furthermore there are different ways to implement both solutions. 1. amavisd-new uses the perl DKIM module for both incoming and outbound messages. 2. There is a dkim-proxy module which can be used as smtp proxy for both incoming and outbound messages. 3. There is a dkim-filter module wich can be used as smtpd_milters. 4. SpamAssassin can score DKIM signed mails. The implementation of using DKIM to verify incoming messages is very simple using 4.: * Configuring postfix to use amavisd * Installing perl-Mail-DKIM * Set some rules in spamassassin Implementation of signing outbound messages is very complex * Configuring postfix to provide a service for verified outbounding mails. This can be "submission" or a smtp port on a dedicated IP- address. This service must only accept autorized mails (sasl, mynetwork). * This service must bypass the authorized mails to a service which can sign this mail. The signing can be amavis, dkim-proxy or dkim-filter. * The signing service must be configured too. E.a. the domain key must be generated and the public key of the domain key must be published via dns. * In case of having DNS server on the same server or in ldap we can create the neccessary DNS TXT Record too via YaPI::DNSD * Having more mail domains we can define for each domain a separate key. In any case we have to define which key will be used for which domain. * It is also possible to define more secure keys which can assigned to user. The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11. Only if we'll use dkim-filter we need a ney package for SLE11. - Release Notes: Activating DKIM support. + Release Notes: Activating DKIM Support. Solution: After a new installation of SLES-11-SP2 this new feature is enabled when the mail system was configured with using amavis. - Making an update from SLES-11-SP1 this feature must be enabled by - editing the file: /etc/mail/spamassassin/v312.pre The comment sign '#' - must be removed in the last line: - befor: #loadplugin Mail::SpamAssassin::Plugin::DKIM - after: loadplugin Mail::SpamAssassin::Plugin::DKIM + Updating from SLES-11-SP1 this feature must be enabled by editing + /etc/mail/spamassassin/v312.pre The comment sign ' # ' must be removed + from the last line: + before: + #loadplugin Mail::SpamAssassin::Plugin::DKIM + after: + loadplugin Mail::SpamAssassin::Plugin::DKIM -- openSUSE Feature: https://features.opensuse.org/310517

Feature changed by: Karl Eichwalder (keichwa) Feature #310517, revision 21 Title: DKIM and DomainKeys support openSUSE-11.4: Rejected by Milisav Radmanic (radmanic) reject date: 2011-04-21 15:13:54 reject reason: 11.4 is obviously already released Priority Requester: Desirable Requested by: Peter Bowen (pzb) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. References: packages: yast2-mail postfix Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. #6: Peter Varkoly (varkoly) (2011-06-08 13:54:32) Now I've analyzed the possibilities how to integrate DKIM into our mail setup. There is a big difference between using DKIM to verify incoming messages and using DKIM to sign outbound messages. Furthermore there are different ways to implement both solutions. 1. amavisd-new uses the perl DKIM module for both incoming and outbound messages. 2. There is a dkim-proxy module which can be used as smtp proxy for both incoming and outbound messages. 3. There is a dkim-filter module wich can be used as smtpd_milters. 4. SpamAssassin can score DKIM signed mails. The implementation of using DKIM to verify incoming messages is very simple using 4.: * Configuring postfix to use amavisd * Installing perl-Mail-DKIM * Set some rules in spamassassin Implementation of signing outbound messages is very complex * Configuring postfix to provide a service for verified outbounding mails. This can be "submission" or a smtp port on a dedicated IP- address. This service must only accept autorized mails (sasl, mynetwork). * This service must bypass the authorized mails to a service which can sign this mail. The signing can be amavis, dkim-proxy or dkim-filter. * The signing service must be configured too. E.a. the domain key must be generated and the public key of the domain key must be published via dns. * In case of having DNS server on the same server or in ldap we can create the neccessary DNS TXT Record too via YaPI::DNSD * Having more mail domains we can define for each domain a separate key. In any case we have to define which key will be used for which domain. * It is also possible to define more secure keys which can assigned to user. The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11. Only if we'll use dkim-filter we need a ney package for SLE11. - Release Notes: Activating DKIM Support. + Release Notes: Activating DKIM Support Solution: After a new installation of SLES-11-SP2 this new feature is enabled when the mail system was configured with using amavis. Updating from SLES-11-SP1 this feature must be enabled by editing /etc/mail/spamassassin/v312.pre The comment sign # must be removed from the last line: before: #loadplugin Mail::SpamAssassin::Plugin::DKIM after: loadplugin Mail::SpamAssassin::Plugin::DKIM -- openSUSE Feature: https://features.opensuse.org/310517

Feature changed by: Karl Eichwalder (keichwa) Feature #310517, revision 23 Title: DKIM and DomainKeys support openSUSE-11.4: Rejected by Milisav Radmanic (radmanic) reject date: 2011-04-21 15:13:54 reject reason: 11.4 is obviously already released Priority Requester: Desirable Requested by: Peter Bowen (pzb) Product Manager: Federico Lucifredi (flucifredi) Partner organization: openSUSE.org Description: Most of the large email service providers (gmail, yahoo, hotmail/live, aol, ...) are using DKIM checking as part of their anti-spam filtering systems. We should make it very easy for users to configure their mail server to sign mail as it goes out. References: packages: yast2-mail postfix Business case (Partner benefit): openSUSE.org: DKIM is now widely adopted by all major E-Mail providers and is considered a key check in anit-spam systems. While many people and organizations deploy one of the big integrated mail solutions or use a hosted solution, some just want good, old, plain SMTP. We should help these people, to get highest level of security directly with their operating system of choice. Discussion: #4: Masim Sugianto (vavai) (2010-09-19 02:09:42) It would be great to integrating DKIM and DomainKeys support into openSUSE. #6: Peter Varkoly (varkoly) (2011-06-08 13:54:32) Now I've analyzed the possibilities how to integrate DKIM into our mail setup. There is a big difference between using DKIM to verify incoming messages and using DKIM to sign outbound messages. Furthermore there are different ways to implement both solutions. 1. amavisd-new uses the perl DKIM module for both incoming and outbound messages. 2. There is a dkim-proxy module which can be used as smtp proxy for both incoming and outbound messages. 3. There is a dkim-filter module wich can be used as smtpd_milters. 4. SpamAssassin can score DKIM signed mails. The implementation of using DKIM to verify incoming messages is very simple using 4.: * Configuring postfix to use amavisd * Installing perl-Mail-DKIM * Set some rules in spamassassin Implementation of signing outbound messages is very complex * Configuring postfix to provide a service for verified outbounding mails. This can be "submission" or a smtp port on a dedicated IP- address. This service must only accept autorized mails (sasl, mynetwork). * This service must bypass the authorized mails to a service which can sign this mail. The signing can be amavis, dkim-proxy or dkim-filter. * The signing service must be configured too. E.a. the domain key must be generated and the public key of the domain key must be published via dns. * In case of having DNS server on the same server or in ldap we can create the neccessary DNS TXT Record too via YaPI::DNSD * Having more mail domains we can define for each domain a separate key. In any case we have to define which key will be used for which domain. * It is also possible to define more secure keys which can assigned to user. The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11. Only if we'll use dkim-filter we need a ney package for SLE11. Release Notes: Activating DKIM Support Solution: - After a new installation of SLES-11-SP2 this new feature is enabled - when the mail system was configured with using amavis. - Updating from SLES-11-SP1 this feature must be enabled by editing + After a new installation of SLES 11 SP2 this feature is enabled, if the + mail system is configured with using amavis. + When updating from SLES 11 SP1 this feature must be enabled by editing /etc/mail/spamassassin/v312.pre . The comment sign # must be removed - from the last line: - before: + from the last line. Before: #loadplugin Mail::SpamAssassin::Plugin::DKIM - after: + After: loadplugin Mail::SpamAssassin::Plugin::DKIM -- openSUSE Feature: https://features.opensuse.org/310517