I finally have dkim-milter running on our production e-mail server, ahead of the dccm milter. It's taking an insignificant portion of the CPU cycles, and seems reliable. Here's a typical sendmail log entry, showing sendmail adding a header:
Dec 8 14:44:04 electra sm-mta[10083]: [ID 801593 mail.info] lB8KhnwS010083: Milter insert (1): header: Authentication-Results: electra.cc.umanitoba.ca; dkim=pass (1024-bit key) [EMAIL PROTECTED] Here's a summary from the same log, showing the frequency of the `dkim=' and `header.i=' fields and cut off at six copies: 467 pass @gmail.com 85 pass @googlegroups.com 56 pass @google.com 50 neutral @gmail.com 41 fail @arizonajoin.com 34 pass @dwellroute.com 18 fail @accesshello.com 17 pass @mentalstruct.com 15 pass [EMAIL PROTECTED] 14 pass @immensedispersalblitz.com 12 permerror @adobesystems.com 10 permerror @springer.delivery.net 10 pass @goodsclassic.com 9 pass @immensetradeblitz.com 8 pass @immensetrafficblasting.com 8 pass @googlemail.com 7 permerror [EMAIL PROTECTED] `dccm' can whitelist these messages, based on the `Authentication-Results' header. Some of them look suspicious, but some certainly could be used for whitelisting. Essentially, this means delegating responsibility for user behavior to the people that own the domain. I notice that when somebody from @gmail.com sends to us, the result code is `pass', but when they send through an external mailing list to us, the code changes to `neutral'. Some also have `fail', meaning that verification failed, and some have `permerror', meaning that part of the signature was missing or in error. It will really require a third party to report the spam reputation of each domain owner before we can use DKIM signature for wholesale whitelisting of e-mail messages. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
