problems with dkim-milter and mailscanner/postfix

[Jeff A. Earickson]

On Wed, 23 Apr 2008, Scott Silva wrote:

> on 4-22-2008 9:56 PM Hugo van der Kooij spake the following:
>> Paul Hutchings wrote:
>> | I suppose it's a conversation for a different list so hope I'm not going
>> | too OT here, but without getting into the wars about standard X vs
>> | standard Y, is it actually worth the effort of getting DKIM working in
>> | peoples opinions?
>> |
>> | We use SPF and obviously it doesn't stop spam but it does stop spoofing.
>> |
>> | DKIM/DomainKeys seems to make me a "good net citizen" but at present my
>> | understanding is all it really does is authenticates?
>> 
>> One of the main DKIM players is yahoo. Another is google. I happen to
>> get a lot of spam with valid DKIM stuff from Yahoo. Others are not keen
>> on Google. So it seems to me DKIM is not adding anything except a large
>> header block to each message.
>> 
>> Hugo.
>> 
> DKIM is only as valuable as SPF. It lets you know if a mail came from the 
> servers it says it did. Many ISP's send lots of spam, and don't seem to try 
> and stop it. Neither technology helps here. It takes a lot of processor power 
> and a good set of rules to catch spam. And then if you do some post work like 
> blocking persistent sources for a period of time, you get more benefits.
>
> As for spam from Yahoo, I don't think I get much valid mail from yahoo, and I 
> have thought about writing a meta rule for DKIM that cancels any score help 
> if it comes from yahoo or google.

I just deployed dkim-milter a week or so ago; I had an SPF entry for a long time.
Other than the clutter in the mail headers, I haven't noticed any difference in
spam.  The one thing I did notice with SpamAssassin is that references to 
DKIM_SIGNED disappeared from the "MailScanner ... is spam, SpamAssassin (..."
syslogging coming from MailScanner, after dkim-milter went live.

Jeff Earickson
Colby College