DKIM with MailScanner

am.lists am.lists at gmail.com
Thu Mar 8 14:06:35 CET 2007


On 3/8/07, Arthur Sherman <arturs at netvision.net.il> wrote:
> > You need to install the Mail::DKIM perl modules.
>
> Angelo,
>
> Thanks for the tip. It solved part of the problem, except for rules and
> score warnings.
> Most of mails come scored=0.
>
> --
> [root at ns1 spamassassin]# MailScanner -D --lint
> Option d is ambiguous (debug, debug-sa)
> Read 764 hostnames from the phishing whitelist
> Checking version numbers...
> Version number in MailScanner.conf (4.58.9) is correct.
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> config: configuration file "/usr/share/spamassassin/20_advance_fee.cf"
> requires version 3.001008 of SpamAssassin, but this is code version
> 3.001007. Maybe you need to use the -C switch, or remove the old config
> files? Skipping this file at
> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 345.
> <snip>
> config: warning: score set for non-existent rule DEAR_SOMETHING
> config: warning: score set for non-existent rule SUB_HELLO
> <snip>
> [7457] info: rules: meta test REPTO_QUOTE_YAHOO has undefined dependency
> '__FROM_YAHOO_COM'
> <snip>
> SpamAssassin reported an error.
> Using locktype = posix
> Creating hardcoded struct_flock subroutine for linux (Linux-type)
> MailScanner.conf says "Virus Scanners = f-prot"
> Found these virus scanners installed: f-prot, clamav
> --
>
> Also, i couldn't find any complete guide to installing and configuring
> DomainKeys with sendmail and MS, athough Google gives plenty choises.
> If you know one, I'd be happy to get my hands on it.
>
>
> Best,
>
> --
> Arthur Sherman

The score warnings you see in your lint now are not related to DKIM. I
assume when you say that the scores are still showing up as 0 you are
referring to DKIM (e.g. DKIM_SIGNED, DKIM_VERIFIED, etc.)

The default rules are something miniscule, like 0.001 and -0.001, just
so that the rule appears int he report while you figure out what your
policy should be. Now, it's up to you to decide what your DKIM policy
shall be.

I asked on this list a couple weeks ago with no replies. But, I'm
finding that entities who may use a DK or DKIM signature are still
spammy sometimes. Take for example a large mail-order catalogue
company. Their mail would normally get caught by rules for things like
image weight, textual intention of trying to sell something, etc. Now,
you go and reward them heavily for passing a DKIM test and now their
mail suddenly gets through.

Personally, I'm not sure I want to be that kind.  On the other hand,
you could give a hefty penalty for those who have a forged DKIM
signature, but I haven't seen a forgery attempt with either DK or DKIM
yet.

I'm interested in others' opinions on this as well.


More information about the MailScanner mailing list