Re: [Mimedefang] DKIM In MIMEdefang
On 2012-07-16 3:23 PM, David F. Skoll wrote:
On Mon, 16 Jul 2012 15:18:22 -0500
Ben Kamen wrote:
We use Mail::DKIM directly from MIMEDefang to sign messages.
Erm, so if you would please elaborate a little further...
We have a little routine like this in our filter:
sub dkim_sign
{
(snip)
}
and we call it for outbound mail.
so it's not in there by default -- that's good to know.
If I send a message through my server (sendmail) via port 465/587
through the sendmail MSA... how does this affect signing of messages
through sendmail's DKIM-milter?
Use one or the other, but not both.
I didn't think both would be a good idea. hahah... oy!
Which one would I be better off using for outbound email? Sendmail or
MimeDefang?
It depends. We use MIMEDefang because it allows more flexible policy.
We can choose whether or not to sign outbound mail based on whatever
criteria we like... we might not want to sign all outbound mail.
That's exactly what I needed to know..
Thanks again,
-Ben
p.s. Happy user of MIMEdefang since like 2003 or 2004 or something. It's been a
LONG time.
--
Ben Kamen - O.D.T., S.P.
--
eMail: b...@benjammin.net http://www.benjammin.net
http://www.linkedin.com/in/benkamen
Fortune says:
You're too beautiful to ignore. Too much woman.
-- Kirk to Yeoman Rand, "The Enemy Within", stardate unknown
- -
NOTICE: All legal disclaimers sent to benjammin.net/benkamen.net
or any of it's affiliated domains are rendered null and void on
receipt of communications will be handled/considered as such.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DKIM In MIMEdefang
On Mon, 16 Jul 2012 15:18:22 -0500
Ben Kamen wrote:
> > We use Mail::DKIM directly from MIMEDefang to sign messages.
> Erm, so if you would please elaborate a little further...
We have a little routine like this in our filter:
sub dkim_sign
{
my $dkim = Mail::DKIM::Signer->new(
Algorithm => "rsa-sha1",
Method => "relaxed",
Domain => "roaringpenguin.com",
Selector => "beta",
KeyFile => "/etc/ssl/private/roaringpenguin.com.dkim.key");
if (open(TOSIGN, ") {
# remove local line terminators
chomp;
s/\015$//;
# use SMTP line terminators
$dkim->PRINT("$_\015\012");
}
close(TOSIGN);
$dkim->CLOSE();
my $signature = $dkim->signature()->as_string();
$signature =~ s/^DKIM-Signature:\s+//i;
action_add_header('DKIM-Signature', $signature);
}
}
and we call it for outbound mail.
> If I send a message through my server (sendmail) via port 465/587
> through the sendmail MSA... how does this affect signing of messages
> through sendmail's DKIM-milter?
Use one or the other, but not both.
> I haven't looked lately, but IIRC, mimedefang does scan outgoing
> email (although I wish it didn't I just never looked up how to
> disable it)
> Which one would I be better off using for outbound email? Sendmail or
> MimeDefang?
It depends. We use MIMEDefang because it allows more flexible policy.
We can choose whether or not to sign outbound mail based on whatever
criteria we like... we might not want to sign all outbound mail.
Regards,
David.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DKIM In MIMEdefang
On 2012-07-16 3:03 PM, David F. Skoll wrote: On Sat, 14 Jul 2012 22:31:05 -0500 Ben Kamen wrote: So I'd like to do DKIM now and I see where I do the signing part in sendmail -- but was curious what the best way to do it with mime-defang was -- through SpamAssassin (and then add checks in MD or let SA do all the work?) We use Mail::DKIM directly from MIMEDefang to sign messages. Erm, so if you would please elaborate a little further... If I send a message through my server (sendmail) via port 465/587 through the sendmail MSA... how does this affect signing of messages through sendmail's DKIM-milter? I haven't looked lately, but IIRC, mimedefang does scan outgoing email (although I wish it didn't I just never looked up how to disable it) Which one would I be better off using for outbound email? Sendmail or MimeDefang? However, for verification purposes (if you're not using CanIt) it's probably easiest just to use SpamAssassin's built-in support. Ok, that's what I needed to know on that end.. Thanks David! -Ben -- Ben Kamen - O.D.T., S.P. -- eMail: b...@benjammin.net http://www.benjammin.net http://www.linkedin.com/in/benkamen Fortune says: You're too beautiful to ignore. Too much woman. -- Kirk to Yeoman Rand, "The Enemy Within", stardate unknown - - NOTICE: All legal disclaimers sent to benjammin.net/benkamen.net or any of it's affiliated domains are rendered null and void on receipt of communications will be handled/considered as such. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DKIM In MIMEdefang
On Sat, 14 Jul 2012 22:31:05 -0500 Ben Kamen wrote: > So I'd like to do DKIM now and I see where I do the signing part in > sendmail -- but was curious what the best way to do it with > mime-defang was -- through SpamAssassin (and then add checks in MD or > let SA do all the work?) We use Mail::DKIM directly from MIMEDefang to sign messages. We also use it directly in our CanIt product (rather than using SpamAssassin's built-in DKIM support.) However, for verification purposes (if you're not using CanIt) it's probably easiest just to use SpamAssassin's built-in support. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
