[Mimedefang] DKIM In MIMEdefang

David F. Skoll dfs at roaringpenguin.com
Mon Jul 16 16:23:08 EDT 2012

On Mon, 16 Jul 2012 15:18:22 -0500
Ben Kamen <bkamen at cornelius.benjammin.net> wrote:

> > We use Mail::DKIM directly from MIMEDefang to sign messages.

> Erm, so if you would please elaborate a little further...

We have a little routine like this in our filter:

sub dkim_sign
        my $dkim = Mail::DKIM::Signer->new(
                Algorithm => "rsa-sha1",
                Method => "relaxed",
                Domain => "roaringpenguin.com",
                Selector => "beta",
                KeyFile => "/etc/ssl/private/roaringpenguin.com.dkim.key");
        if (open(TOSIGN, "<INPUTMSG")) {
                while(<TOSIGN>) {
                        # remove local line terminators

                        # use SMTP line terminators
                my $signature = $dkim->signature()->as_string();
                $signature =~ s/^DKIM-Signature:\s+//i;
                action_add_header('DKIM-Signature', $signature);

and we call it for outbound mail.

> If I send a message through my server (sendmail) via port 465/587
> through the sendmail MSA... how does this affect signing of messages
> through sendmail's DKIM-milter?

Use one or the other, but not both.

> I haven't looked lately, but IIRC, mimedefang does scan outgoing
> email (although I wish it didn't I just never looked up how to
> disable it)

> Which one would I be better off using for outbound email? Sendmail or
> MimeDefang?

It depends.  We use MIMEDefang because it allows more flexible policy.
We can choose whether or not to sign outbound mail based on whatever
criteria we like... we might not want to sign all outbound mail.



More information about the MIMEDefang mailing list