Steve, > While having your attention, might I ask you another DKIM related question? > What happens if a sender has DKIM and has signed his/her subject line? > Does amavis take care of that or will it prefix the subject with SPAM/Not > Checked/etc entries and break DKIM?
If you have it configured to modify a Subject, it will do so regardless of whether this header field was signed or not. And yes, this will break subsequent DKIM tests, so it is prudent to tag a subject close to a final delivery, where no further sw components will be re-examining the signature. Note that Subject tagging is only done for local recipients, so outgoing signed mail will not be affected. > Well... I think we should not go into discussion about that but IMHO good > written C code usually beats good written Perl code. Stress on 'good'. Incidently, benchmarking of DKIM signature verification in a perl module Mail::DKIM (as used by amavisd and SpamAssassin) revealed that the pure-perl version can canonicalize a message and verify a signature faster than Mail::OpenDKIM, which uses a C library of OpenDKIM underneath. The reason is that the Perl implementation deals with large chunks of text in one operation, where the OpenDKIM lost precious time in its chain of subroutine calls, passing around small pieces of text. Mark
