| To: | qmail@list.cr.yp.to |
|---|---|
| Subject: | Re: Broken DomainKey .. or dead project? |
| From: | "Erik A. Espinoza" <erik.espinoza@gmail.com> |
| Date: | Wed, 4 Apr 2007 13:42:50 -0700 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | gmail-qmail@securepoint.com |
| Delivered-to: | sp.com.list@gmail.com |
| Delivered-to: | mailing list qmail@list.cr.yp.to |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=RCvQ766XUdP67QXfSKUnTMSq9ltPy6t4iwHIdYVkJtIkiLE8KwfWB8hpaJsHan7btt22i6K3pH7DirjFJk2KhOF79NLOdgdfFGD1dRDa2ivD+pPv5sPXpAzcxyEAE26Q+C9DmFLxFNiFLIgyr88ngzp7L70fqbYfiz34k2ZI25c= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Y4mEzpYDcJt3VoGKYz4Fqn5jZz4/TqOcMd6b4fcSRkAqL5kqXkAemkMp6LIwNWTurLwnnZmC/6sALBQIH8Pc19heqSAmgmvkkZNfeIiIuoG89L5cnUNQLzPOIvNn/SnNl/290OasDv5+1b8c1MMfaC9DMqxSi8j2CpI2hSXN9zQ= |
| Domainkey-status: | good (test mode) |
| In-reply-to: | <p06240603c239aa94b54f@128.163.18.106> |
| Mailing-list: | contact qmail-help@list.cr.yp.to; run by ezmlm |
| References: | <b86db13f0704011331m4135c427vc934ced0d8b64120@mail.gmail.com> <20070401205313.GA5988@discworld.dyndns.org> <b86db13f0704011429x17f3e0b1w903861f725380af5@mail.gmail.com> <20070401225748.GA6359@discworld.dyndns.org> <1175514940.31108.92.camel@castor.taos-it.nl> <b86db13f0704041207p6b6c548ai617ff192c7d27414@mail.gmail.com> <p06240603c239aa94b54f@128.163.18.106> |
Thanks for the info. Very interesting. The QmailToaster rpm distribution does include SpamAssassin already. Sounds like the best bet would be to move incoming verification to SpamAssassin and use qmail-dk for outgoing signing only. Nice info here Matt. Erik On 4/4/07, Matt Simpson <net-qmlist@jmatt.net> wrote: Sometime last year, I asked some questions on this list about Domainkeys and qmail-dk, and Russ Nelson responded. His response indicated that he might have been considering further development of qmail-dk, but I'm not sure what he's done with it since then. That dialog can be seen in the list archives at http://marc.info/?l=qmail&m=114805494228980&w=2 Based on Russ's responses (and questions), and remarks from others, I decided that a qmail-queue frontend, like qmail-dk, was probably not the appropriate place for domainkeys verification. It's not really feasible to make a "yes/no" decision about accepting mail based solely on domainkey signature. The best you could do would be to have it provide information to be used by some more intelligent spam filter which would use that as one of many factors to make a judgment. And if you're going to use some more intelligent spam filter, you might as well use one like spamassassin, which has domainkey support in it already, eliminating the need for verification by qmail-dk. I still think qmail-dk is handy for signing outgoing messages. One of the limitations mentioned, not being able to specify which headers are included, has been fixed with a version of qmail-dk provided by Richard Lyons http://test.frob.com.au/qmail/patches/qmail-1.03-dk-0.54-exclude.patch There are still some issues with qmail-dk. One that I recently encountered was not being able to sign bounce messages. I still haven't resolved that one. |
| Previous by Date: | Re: timeoutsmtpd downsides, Kyle Wheeler |
|---|---|
| Next by Date: | Re: Broken DomainKey .. or dead project?, Matt Simpson |
| Previous by Thread: | Re: Broken DomainKey .. or dead project?, Kyle Wheeler |
| Next by Thread: | Re: Broken DomainKey Implementation, Russ Nelson |
| Indexes: | [Date] [Thread] [Top] [All Lists] |