Mailinglist Archive: opensuse-features (166 mails)

< Previous Next >
[openFATE 310517] DKIM and DomainKeys support
Feature changed by: Ihno Krumreich (ihno)
Feature #310517, revision 22
Title: DKIM and DomainKeys support

openSUSE-11.4: Rejected by Milisav Radmanic (radmanic)
reject date: 2011-04-21 15:13:54
reject reason: 11.4 is obviously already released
Priority
Requester: Desirable

Requested by: Peter Bowen (pzb)
Product Manager: Federico Lucifredi (flucifredi)
Partner organization: openSUSE.org

Description:
Most of the large email service providers (gmail, yahoo, hotmail/live,
aol, ...) are using DKIM checking as part of their anti-spam filtering
systems. We should make it very easy for users to configure their mail
server to sign mail as it goes out.

References:
packages: yast2-mail postfix

Business case (Partner benefit):
openSUSE.org: DKIM is now widely adopted by all major E-Mail providers
and is considered a key check in anit-spam systems. While many people
and organizations deploy one of the big integrated mail solutions or
use a hosted solution, some just want good, old, plain SMTP. We should
help these people, to get highest level of security directly with their
operating system of choice.

Discussion:
#4: Masim Sugianto (vavai) (2010-09-19 02:09:42)
It would be great to integrating DKIM and DomainKeys support into
openSUSE.

#6: Peter Varkoly (varkoly) (2011-06-08 13:54:32)
Now I've analyzed the possibilities how to integrate DKIM into our mail
setup. There is a big difference between using DKIM to verify incoming
messages and using DKIM to sign outbound messages. Furthermore there
are different ways to implement both solutions.
1. amavisd-new uses the perl DKIM module for both incoming and outbound
messages.
2. There is a dkim-proxy module which can be used as smtp proxy for
both incoming and outbound messages.
3. There is a dkim-filter module wich can be used as smtpd_milters.
4. SpamAssassin can score DKIM signed mails.
The implementation of using DKIM to verify incoming messages is very
simple using 4.:
* Configuring postfix to use amavisd
* Installing perl-Mail-DKIM
* Set some rules in spamassassin
Implementation of signing outbound messages is very complex
* Configuring postfix to provide a service for verified outbounding
mails. This can be "submission" or a smtp port on a dedicated IP-
address. This service must only accept autorized mails (sasl,
mynetwork).
* This service must bypass the authorized mails to a service which can
sign this mail. The signing can be amavis, dkim-proxy or dkim-filter.
* The signing service must be configured too. E.a. the domain key must
be generated and the public key of the domain key must be published via
dns.
* In case of having DNS server on the same server or in ldap we can
create the neccessary DNS TXT Record too via YaPI::DNSD
* Having more mail domains we can define for each domain a separate
key. In any case we have to define which key will be used for which
domain.
* It is also possible to define more secure keys which can assigned to
user.
The modules perl-Mail-DKIM and dkimproxy are allready part of SLE11.
Only if we'll use dkim-filter we need a ney package for SLE11.



Release Notes: Activating DKIM Support

Solution:
After a new installation of SLES-11-SP2 this new feature is enabled
when the mail system was configured with using amavis.
Updating from SLES-11-SP1 this feature must be enabled by editing
- /etc/mail/spamassassin/v312.pre The comment sign # must be removed from
- the last line:
+ /etc/mail/spamassassin/v312.pre . The comment sign # must be removed
+ from the last line:
before:
#loadplugin Mail::SpamAssassin::Plugin::DKIM

after:
loadplugin Mail::SpamAssassin::Plugin::DKIM


--
openSUSE Feature:
https://features.opensuse.org/310517

< Previous Next >
This Thread
  • No further messages