Mailinglist Archive: opensuse-features (263 mails)

< Previous Next >
[openFATE 310517] DKIM and DomainKeys support
Feature changed by: Peter Varkoly (varkoly)
Feature #310517, revision 12
Title: DKIM and DomainKeys support

openSUSE-11.4: Rejected by Milisav Radmanic (radmanic)
reject date: 2011-04-21 15:13:54
reject reason: 11.4 is obviously already released
Requester: Desirable

Info Provider: (Novell)
Requested by: Peter Bowen (pzb)
Product Manager: (Novell)
Project Manager: (Novell)
Engineering Manager: (Novell)
Developer: (Novell)
Technical Contact: (Novell)
Partner organization:

Most of the large email service providers (gmail, yahoo, hotmail/live,
aol, ...) are using DKIM checking as part of their anti-spam filtering
systems. We should make it very easy for users to configure their mail
server to sign mail as it goes out.

packages: yast2-mail postfix

Business case (Partner benefit): DKIM is now widely adopted by all major E-Mail providers
and is considered a key check in anit-spam systems. While many people
and organizations deploy one of the big integrated mail solutions or
use a hosted solution, some just want good, old, plain SMTP. We should
help these people, to get highest level of security directly with their
operating system of choice.

#4: Masim Sugianto (vavai) (2010-09-19 02:09:42)
It would be great to integrating DKIM and DomainKeys support into

+ #6: Peter Varkoly (varkoly) (2011-06-08 13:54:32)
+ Now I've analyzed the possibilities how to integrate DKIM into our mail
+ setup. There is a big difference between using DKIM to verify incoming
+ messages and using DKIM to sign outbound messages. Furthermore there
+ are different ways to implement both solutions.
+ 1. amavisd-new uses the perl DKIM module for both incoming and outbound
+ messages.
+ 2. There is a dkim-proxy module which can be used as smtp proxy for
+ both incoming and outbound messages.
+ 3. There is a dkim-filter module wich can be used as smtpd_milters.
+ 4. SpamAssassin can score DKIM signed mails.
+ The implementation of using DKIM to verify incoming messages is very
+ simple using 4.:
+ * Configuring postfix to use amavisd
+ * Installing perl-Mail-DKIM
+ * Set some rules in spamassassin
+ Implementation of signing outbound messages is very complex
+ * Configuring postfix to provide a service for verified outbounding
+ mails. This can be "submission" or a smtp port on a dedicated IP-
+ address. This service must only accept autorized mails (sasl,
+ mynetwork).
+ * This service must bypass the authorized mails to a service which can
+ sign this mail. The signing can be amavis, dkim-proxy or dkim-filter.
+ * The signing service must be configured too. E.a. the domain key must
+ be generated and the public key of the domain key must be published via
+ dns.
+ * In case of having DNS server on the same server or in ldap we can
+ create the neccessary DNS TXT Record too via YaPI::DNSD
+ * Having more mail domains we can define for each domain a separate
+ key. In any case we have to define which key will be used for which
+ domain.
+ * It is also possible to define more secure keys which can assigned to
+ user.
+ The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11.
+ Only if we'll use dkim-filter we need a ney package for SLE11.

openSUSE Feature:

< Previous Next >
This Thread
  • No further messages