On Mon, 16 Jul 2012 15:18:22 -0500
Ben Kamen <[email protected]> wrote:
> > We use Mail::DKIM directly from MIMEDefang to sign messages.
> Erm, so if you would please elaborate a little further...
We have a little routine like this in our filter:
sub dkim_sign
{
my $dkim = Mail::DKIM::Signer->new(
Algorithm => "rsa-sha1",
Method => "relaxed",
Domain => "roaringpenguin.com",
Selector => "beta",
KeyFile => "/etc/ssl/private/roaringpenguin.com.dkim.key");
if (open(TOSIGN, "<INPUTMSG")) {
while(<TOSIGN>) {
# remove local line terminators
chomp;
s/\015$//;
# use SMTP line terminators
$dkim->PRINT("$_\015\012");
}
close(TOSIGN);
$dkim->CLOSE();
my $signature = $dkim->signature()->as_string();
$signature =~ s/^DKIM-Signature:\s+//i;
action_add_header('DKIM-Signature', $signature);
}
}
and we call it for outbound mail.
> If I send a message through my server (sendmail) via port 465/587
> through the sendmail MSA... how does this affect signing of messages
> through sendmail's DKIM-milter?
Use one or the other, but not both.
> I haven't looked lately, but IIRC, mimedefang does scan outgoing
> email (although I wish it didn't I just never looked up how to
> disable it)
> Which one would I be better off using for outbound email? Sendmail or
> MimeDefang?
It depends. We use MIMEDefang because it allows more flexible policy.
We can choose whether or not to sign outbound mail based on whatever
criteria we like... we might not want to sign all outbound mail.
Regards,
David.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
