[Mimedefang] DKIM In MIMEdefang
David F. Skoll
dfs at roaringpenguin.com
Mon Jul 16 16:23:08 EDT 2012
On Mon, 16 Jul 2012 15:18:22 -0500
Ben Kamen <bkamen at cornelius.benjammin.net> wrote:
> > We use Mail::DKIM directly from MIMEDefang to sign messages.
> Erm, so if you would please elaborate a little further...
We have a little routine like this in our filter:
sub dkim_sign
{
my $dkim = Mail::DKIM::Signer->new(
Algorithm => "rsa-sha1",
Method => "relaxed",
Domain => "roaringpenguin.com",
Selector => "beta",
KeyFile => "/etc/ssl/private/roaringpenguin.com.dkim.key");
if (open(TOSIGN, "<INPUTMSG")) {
while(<TOSIGN>) {
# remove local line terminators
chomp;
s/\015$//;
# use SMTP line terminators
$dkim->PRINT("$_\015\012");
}
close(TOSIGN);
$dkim->CLOSE();
my $signature = $dkim->signature()->as_string();
$signature =~ s/^DKIM-Signature:\s+//i;
action_add_header('DKIM-Signature', $signature);
}
}
and we call it for outbound mail.
> If I send a message through my server (sendmail) via port 465/587
> through the sendmail MSA... how does this affect signing of messages
> through sendmail's DKIM-milter?
Use one or the other, but not both.
> I haven't looked lately, but IIRC, mimedefang does scan outgoing
> email (although I wish it didn't I just never looked up how to
> disable it)
> Which one would I be better off using for outbound email? Sendmail or
> MimeDefang?
It depends. We use MIMEDefang because it allows more flexible policy.
We can choose whether or not to sign outbound mail based on whatever
criteria we like... we might not want to sign all outbound mail.
Regards,
David.
More information about the MIMEDefang
mailing list