DomainKeys Identified Mail (DKIM)

Yeah, finally there is a standard/technology to prevent spam (if it works of course).

So what is it?

         DomainKeys Identified Mail (DKIM) provides a method for validating                an identity that is associated with a message, during the time                it is transferred over the Internet. That identity then can be                held accountable for the message.

Cisco, Yahoo and PGP are starting to use this technology.

Read more at:
http://www.dkim.org/

Natural follow-up question; How to integrate DomainKeys into InterWorx?! :wink:

Wow, this is interesting!

If it’s like you say WebXtrA…

     Yeah, finally there is a standard/technology to prevent spam (if it works of course).

…this will be a hot topic on alot of sites (RFC 4871).
And off course…how could we implement it in Interworx

-tsl-

[QUOTE=tsl;14530]And off course…how could we implement it in Interworx
[/QUOTE]

My guess is, the MTA (qmail) has to support it. Isn’t it?

Edit: Found qmail.org in the list of organizations that have agreed to be listed as supporting DKIM ( http://dkim.org/deploy/supporters.html )

I think sendmail has something for dkim. http://www.sendmail.com/sm/wp/dkim/

Is this to replace or complement Sender Policy Framework (SPF) (which never really seemed to catch on)?

yahoo domainkeys

Yahoo have recomended domainkeys to prove and protect email sender identity in http://antispam.yahoo.com/domainkeys. Implementation in qmail can find in http://jeremy.kister.net/howto/dk.html. But we must create a TXT record in my DNS as per http://domainkeys.sourceforge.net/dist.html:
For tinydns (djbdns):
'_domainkey.example.com.:t=y; o=-;
'default._domainkey.example.com.:[B]DomainKey_from_step_5

[/B]Where i can find file configuration djbdns interworx in console,
to edit that file?

How would you add this to the tcp.smtp?

65.172.240.33-62:allow,RELAYCLIENT="",DKSIGN="/etc/domainkeys/dog",QMAILQUEUE=“bin/qmail-dk”

Not sure how one would do this since QMAILQUEUE is already pointing to ‘simscan’

Here is another link to the Qmail patch:
http://qmail.serve-you.net/qmail-1.03-dk-0.54.patch

i don’t implement installation qmail using qmail-dk patch and qmail-dk-0.54-auth.patch yet. I have tried install mail server in experimental server as same as in http://www.shupp.org/toaster/. it’s patch qmail with libdomainkeys-0.68 only, not with qmail-dk patch and qmail-dk-0.54-auth.patch.

In a mailing list, i have found topic about domainkey and tcp.smtp which was implemented. But he have got problem in http://readlist.com/lists/list.cr.yp.to/qmail/0/3574.html

his tcp.smtp:

127.0.0.1:allow,DKVERIFY=“EGIJKfh”,DKSIGN="/var/qmail/control/domainkeys/%/priva te",DKQUEUE="/var/qmail/bin/simscan",QMAILQUEUE="/var/qmail/bin/qmail-dk",RELAYC LIENT=""
:allow,DKVERIFY=“EGIJKfh”,DKSIGN="/var/qmail/control/domainkeys/%/private",DKQUE UE="/var/qmail/bin/simscan",QMAILQUEUE="/var/qmail/bin/qmail-dk"

DKQUEUE="/var/qmail/bin/simscan",QMAILQUEUE="/var/qmail/bin/qmail-dk"

So I guess this is how you do it, maybe I’ll give this a try on my test box soon and see how it goes.

[QUOTE=sp?d?;14533]’_domainkey.example.com.:t=y; o=-;
'default._domainkey.example.com.:[B]DomainKey_from_step_5

[/B]Where i can find file configuration djbdns interworx in console,
to edit that file?[/QUOTE]

You can create the TXT record in the NodeWorx DNS record interface (recommended).

Alternatively you could add the djbdns formatted line to a file named

/usr/local/interworx/var/lib/dns/data-sync_domainkeys

beause all data-sync_* files are combined with DNS data in InterWorx.

Paul

                      Originally Posted by Justec

DKQUEUE="/var/qmail/bin/simscan",QMAILQUEUE="/var/qmail/bin/qmail-dk"
So I guess this is how you do it, maybe I’ll give this a try on my test box soon and see how it goes.
Thanks

Another reference : http://wiki.qmailtoaster.com/index.php/Tcp.smtp
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,BADMIMETYPE="",BADLOADERTYPE=“M”,
CHKUSER_RCPTLIMIT=“15”,CHKUSER_WRONGRCPTLIMIT=“3”,
DKVERIFY=“DEGIJKfh”,QMAILQUEUE="/var/qmail/bin/simscan",
DKQUEUE="/var/qmail/bin/qmail-queue.orig",\

So,I use this:
ln /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig
ln /var/qmail/bin/qmail-dk /var/qmail/bin/qmail-queue.new
mv /var/qmail/bin/qmail-queue.new /var/qmail/bin/qmail-queue

QMAILQUEUE="/var/qmail/bin/simscan,DKQUEUE="/var/qmail/bin/qmail-queue.orig

Thanks to IWorx-Paul

I can input in /usr/local/interworx/var/lib/dns/data-sync_domainkeys:
'_domainkey.example1.com.:t=y; o=-;
'default._domainkey.example1.com.:DomainKey_from_step_51
'_domainkey.example2.com.:t=y; o=-;
'default._domainkey.example2.com.:DomainKey_from_step_52
'_domainkey.example3.com.:t=y; o=-;
'default._domainkey.example3.com.:DomainKey_from_step_53

Right ?

If I input txt record in the NodeWorx DNS record interface, the result :
_domainkey.example1.com TXT t=y; o=-
default._domainkey.example1.com TXT DomainKey_from_step_51
in DNS Records :: example1.com ,
right?

But in input << String >> only maxlength 128 char, I have tried to input the result of:
grep -v ^- rsa.public | perl -e ‘while(<>){chop;$l.=$_;}print "t=y; p=$l;
";’

the charachter is not enaugh to input in box txt string.

CMIIW

Thanks

Report Card On DKIM

Hi Folks,

I actually had a customer point me at this thread and ask if DKIM was worth the effort to implement. Seems like more than a few months have passed since this discussion took place. So, what’s the verdict?

Did generating a key, configuring djbdns, installing the qmail hooks, testing and implementing DKIM help anybody out? If so, is there a cookbook for Iworx users to follow?

My customer is more interested in avoiding delivery problems to Yahoo and Excite than he is in using DKIM to validate delivery to him.

Thanks for any help you can give… dave

Oops

Please ignore the “thumbs down” icon on my earlier post. It looked like a question mark to me when I selected it. The old eyes aren’t what they used to be.

dave