DomainKeys and DKIM signing support

Kevin Hansard Kevin.Hansard at ipl.com
Fri Jun 8 09:49:40 IST 2007


> So I would check DKIM on the remote inbound  and sign DKIM on the
outbound
> SMTP. I assume sendmail must work similarly because MailScanner
doesn't
> deliver to anything, local or remote, at anytime. Since you would only
sign
> on outbound remote your MTA couldn't do anything to alter the message.
I am
> sure the last thing to touch your outbound mail would/should be the
entity
> that signs, or am I missing something about DK/DKIM?

You are correct. However there is a significant limitation with sendmail
in that the standard way to extend its functionality is to write a
milter. However the milters are only processed during an incoming SMTP
session. Verifying a DKIM signature is ok this way because that can be
done with the incoming copy of sendmail. Signing the message needs to be
done after MailScanner has performed it's operation on the message.
Unfortunately MailScanner delivers the message to the outgoing sendmail
via sendmail queue files rather than with an SMTP session hence the
milter doesn't get processed.

--
Kevin Hansard
www.ipl.com




More information about the MailScanner mailing list