DomainKeys and DKIM signing support

Rick Cooper rcooper at dwford.com
Thu Jun 7 23:00:25 IST 2007 

 

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Kevin Hansard
> Sent: Thursday, June 07, 2007 11:26 AM
> To: mailscanner at lists.mailscanner.info
> Subject: DomainKeys and DKIM signing support
> 
> I would like to sign my outgoing emails with a DomainKeys or DKIM
> signature. I have looked at using dkim-filter with sendmail to perform
> this however the solution doesn't really work with MailScanner because
> milters can only operate on incoming SMTP messages, so if MailScanner
> makes any changes to the message the signature will be invalidated. In
> our system we add a disclaimer using MailScanner to messages 
> so the body
> signature would always be invalid.
> 
> It seems sensible for MailScanner to perform this function immediately
> before submitting the message for delivery. I don't think it would be
> that hard to implement given the Mail::DKIM module would do 
> most of the
> work. However I am reluctant to start hacking the MailScanner code.
> 
> Is DKIM support on the MailScanner roadmap?
> Has anyone else ran into this issue?
> 

Is MailScanner not still the man in the middle between outbound and inbound?

I don't know about sendmail but with exim it goes

	MUA/SMTP->exim-inbound->MailScanner->exim-outbound->SMTP/Mail-Dir

So I would check DKIM on the remote inbound  and sign DKIM on the outbound
SMTP. I assume sendmail must work similarly because MailScanner doesn't
deliver to anything, local or remote, at anytime. Since you would only sign
on outbound remote your MTA couldn't do anything to alter the message. I am
sure the last thing to touch your outbound mail would/should be the entity
that signs, or am I missing something about DK/DKIM?


> Alternative solutions would including placing the messages to 
> be signed
> in a different queue and have my own app sign them and put them back
> into the main outgoing queue or using another sendmail gateway running
> dkim-filter to process the messages coming out of MailScanner.
> 
> Thoughts appreciated.
> 
> Thanks
> 
> --
> Kevin Hansard
> www.ipl.com


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list