From: VR on
My Debian(Lenny)/Postfix environment is inbound only (except
bounces/rejects of course) that uses transports to hand messages off to
Exchange servers for multiple domains.

I've been reading about DKIM in the Postfix archives most of tonight and
have seen both praise and pause going back to about 2007 regarding
implementing DKIM in general.

I realize DKIM, nor Postfix are "spam solutions" but I would like to
know if DKIM might reduce the number of forgeries passed through my
Postfix gateway? More specifically, from hosts claiming to be larger
organizations that do use DKIM signing for their outbound traffic?

Ideally I would not like to do content inspection (at this time) nor
would I like to implement outbound signing. I have seen some write ups
on DKIM but all discuss signing outbound. Can DKIM be done just for
inbound? And which DKIM implementation works smoothly or is recommended
with Postfix?

From: mouss on
VR a �crit :
> My Debian(Lenny)/Postfix environment is inbound only (except
> bounces/rejects of course) that uses transports to hand messages off to
> Exchange servers for multiple domains.
>
> I've been reading about DKIM in the Postfix archives most of tonight and
> have seen both praise and pause going back to about 2007 regarding
> implementing DKIM in general.
>
> I realize DKIM, nor Postfix are "spam solutions" but I would like to
> know if DKIM might reduce the number of forgeries passed through my
> Postfix gateway? More specifically, from hosts claiming to be larger
> organizations that do use DKIM signing for their outbound traffic?
>

dkim won't help you much. you can't simply reject on dkim failure. Even
when the site policy says dkim is mandatory, you'll see broken signatures.

dkim can help as one component of a content filtering solution.


> Ideally I would not like to do content inspection (at this time) nor
> would I like to implement outbound signing. I have seen some write ups
> on DKIM but all discuss signing outbound. Can DKIM be done just for
> inbound?

yes.

> And which DKIM implementation works smoothly or is recommended
> with Postfix?

I use milter-dkim.
if you use amavisd-new, then it has DKIM support.

From: ram on

On Sun, 2010-05-09 at 21:57 -0400, VR wrote:
> My Debian(Lenny)/Postfix environment is inbound only (except
> bounces/rejects of course) that uses transports to hand messages off to
> Exchange servers for multiple domains.
>
> I've been reading about DKIM in the Postfix archives most of tonight and
> have seen both praise and pause going back to about 2007 regarding
> implementing DKIM in general.
>
> I realize DKIM, nor Postfix are "spam solutions" but I would like to
> know if DKIM might reduce the number of forgeries passed through my
> Postfix gateway? More specifically, from hosts claiming to be larger
> organizations that do use DKIM signing for their outbound traffic?
>
> Ideally I would not like to do content inspection (at this time) nor
> would I like to implement outbound signing. I have seen some write ups
> on DKIM but all discuss signing outbound. Can DKIM be done just for
> inbound? And which DKIM implementation works smoothly or is recommended
> with Postfix?
>
DKIM checking for inbound mails has almost nothing to do with postfix.
The best way will be to use spamassassin and use the DKIM_* rules.
Default SA has them configured

If you use some other antispam , see how it supports DKIM checks

Thanks
Ram