On Wednesday 02 July 2008 17:11, Mathias Gug wrote: > Hi, > > Here are the minutes of the meeting. They can also be found online with > the irc logs here: https://wiki.ubuntu.com/MeetingLogs/Server/20080701. ... > ==== Spec status ==== > > Most of the MIR related to amavisd-dkim have been done.
To follow up on this, all the MIR were approved and I have uploaded a new version of amavisd-new to Intrepid that enables DKIM verification by default. Now it needs testing and documentation. Additional background: DomainKeys Identified Mail (DKIM) is a new email identitiy authorization technology. That and Sender Policy Framework (SPF) are the two major domain level technologies currently being used. DKIM is designed to operate on the identities in the body of the message (RFC 2822) and SPF is designed to operate on the identities in the message envelope (RFC 821/2821). With the new DKIM policy-bank support in amavisd-new, messages with valid DKIM signatures can safely be whitelisted based on the body From address. This is described in the spec use case: https://wiki.ubuntu.com/ServerAmavisdDKIMSpec In addition to enabling verification, the default configuration whitelists mail from known good domains that are known to sign mail with DKIM: ebay.com, ebay.co.uk, ebay.at, ebay.ca, ebay.de, ebay.fr, paypal.co.uk, paypal.com, alert.bankofamerica.com, amazon.com, cisco.com, cnn.com, skype.net, welcome.skype.com, and cc.yahoo-inc.com Be default then, these domains will have their messages that have a valid DKIM signature skip amavisd-new content filtering. Now it is time to test all this. I need someone who can temporarily install the new versions of amavisd-new and libmail-dkim-perl and ideally run them against a mail stream of some volume. To that end, I have uploaded these packages to my PPA for Hardy, so it is not necessary to be running Intrepid to help: https://launchpad.net/~kitterman/+archive NOTE: There are Intrepid packages in there for another reason. Unless you want to do Intrepid SE Linux testing, install from Hardy and not Intrepid. The packages there are identical to the ones uploaded to Intrepid, with one exception, I've added kitterman.com to the default whitelist to facilitate testing. Since libmail-dkim-perl is a recommends and not a depends and the Hardy apt does not install recommends by default, you will need to explicitly install both packages. If you try this, please let me know. Scott K -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
