Prev: Filter before delivery without procmail or maildrop
Next: lmtp_generic_maps for delivery to dovecot
From: VR on 9 May 2010 21:57 My Debian(Lenny)/Postfix environment is inbound only (except bounces/rejects of course) that uses transports to hand messages off to Exchange servers for multiple domains. I've been reading about DKIM in the Postfix archives most of tonight and have seen both praise and pause going back to about 2007 regarding implementing DKIM in general. I realize DKIM, nor Postfix are "spam solutions" but I would like to know if DKIM might reduce the number of forgeries passed through my Postfix gateway? More specifically, from hosts claiming to be larger organizations that do use DKIM signing for their outbound traffic? Ideally I would not like to do content inspection (at this time) nor would I like to implement outbound signing. I have seen some write ups on DKIM but all discuss signing outbound. Can DKIM be done just for inbound? And which DKIM implementation works smoothly or is recommended with Postfix?
From: mouss on 10 May 2010 04:24 VR a �crit : > My Debian(Lenny)/Postfix environment is inbound only (except > bounces/rejects of course) that uses transports to hand messages off to > Exchange servers for multiple domains. > > I've been reading about DKIM in the Postfix archives most of tonight and > have seen both praise and pause going back to about 2007 regarding > implementing DKIM in general. > > I realize DKIM, nor Postfix are "spam solutions" but I would like to > know if DKIM might reduce the number of forgeries passed through my > Postfix gateway? More specifically, from hosts claiming to be larger > organizations that do use DKIM signing for their outbound traffic? > dkim won't help you much. you can't simply reject on dkim failure. Even when the site policy says dkim is mandatory, you'll see broken signatures. dkim can help as one component of a content filtering solution. > Ideally I would not like to do content inspection (at this time) nor > would I like to implement outbound signing. I have seen some write ups > on DKIM but all discuss signing outbound. Can DKIM be done just for > inbound? yes. > And which DKIM implementation works smoothly or is recommended > with Postfix? I use milter-dkim. if you use amavisd-new, then it has DKIM support.
From: ram on 10 May 2010 04:59 On Sun, 2010-05-09 at 21:57 -0400, VR wrote: > My Debian(Lenny)/Postfix environment is inbound only (except > bounces/rejects of course) that uses transports to hand messages off to > Exchange servers for multiple domains. > > I've been reading about DKIM in the Postfix archives most of tonight and > have seen both praise and pause going back to about 2007 regarding > implementing DKIM in general. > > I realize DKIM, nor Postfix are "spam solutions" but I would like to > know if DKIM might reduce the number of forgeries passed through my > Postfix gateway? More specifically, from hosts claiming to be larger > organizations that do use DKIM signing for their outbound traffic? > > Ideally I would not like to do content inspection (at this time) nor > would I like to implement outbound signing. I have seen some write ups > on DKIM but all discuss signing outbound. Can DKIM be done just for > inbound? And which DKIM implementation works smoothly or is recommended > with Postfix? > DKIM checking for inbound mails has almost nothing to do with postfix. The best way will be to use spamassassin and use the DKIM_* rules. Default SA has them configured If you use some other antispam , see how it supports DKIM checks Thanks Ram
|
Pages: 1 Prev: Filter before delivery without procmail or maildrop Next: lmtp_generic_maps for delivery to dovecot |