From owner-freebsd-questions@FreeBSD.ORG Mon May 7 13:53:43 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C970216A406 for ; Mon, 7 May 2007 13:53:43 +0000 (UTC) (envelope-from noeldude@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.235]) by mx1.freebsd.org (Postfix) with ESMTP id 8968613C448 for ; Mon, 7 May 2007 13:53:43 +0000 (UTC) (envelope-from noeldude@gmail.com) Received: by nz-out-0506.google.com with SMTP id s1so1645771nze for ; Mon, 07 May 2007 06:53:43 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=rgXsuwuM2x5PAgccnB2OclOGBUvb6BDeY29NEMPIKxmDsLBaiKvcE3/KIAMYa2GioEMfoyHfKLVvO53E355qLiWQMrjQPpXo/dFLwtoFHIhdpCymeZvjyobzC76FKIR2q1zv8RtGhlKWQpxFlZoddIOFwmC9jw7WXbPjw6i1Cfs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MKuK7nukadWfRnTcAOjVnIEQdDnC/C9kNUE47yOye7ReX0I5JcdYUSUyge9403JBiwptNMVnI2xUS94DA7STKnsH6t/Ej/JDpCZ2Dbr8QBMOqLGGKTH6H9YFBc+TFMgoPwq0VwONJZ+NAn9FnTrVxxuHMrixew27R5pmk/dFLpo= Received: by 10.115.90.1 with SMTP id s1mr1631265wal.1178546022324; Mon, 07 May 2007 06:53:42 -0700 (PDT) Received: by 10.114.133.8 with HTTP; Mon, 7 May 2007 06:53:42 -0700 (PDT) Message-ID: Date: Mon, 7 May 2007 08:53:42 -0500 From: "Noel Jones" To: PeterPluta In-Reply-To: <10352478.post@talk.nabble.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <10352478.post@talk.nabble.com> Cc: freebsd-questions@freebsd.org Subject: Re: DomainsKeys/DKIM with Postfix - Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 May 2007 13:53:43 -0000 On 5/7/07, PeterPluta wrote: > > I'm currently running FreeBSD 6.2, Postfix, Amavisd-new, Spamassasin, > Dovecot, and ClamAV for my mail setup. I've been meaning to add Domain > Keys/DKIM for a while now, but I don't really know where to start. I > understand the basic concept, but it seems a bit confusing as you get into > it. > > Has anyone here sucessfully set it up? I've been following this guide > http://www.ijs.si/software/amavisd/a...docs.html#dkim and found the > confusion to start when they recommend using both Domainkeys and DKIM. I > thought DKIM is a replacement for the older Domain Keys? I've noticed Gmail > has both Domainkey and DKIM headers. What the point of using both? Also, can > I send mail from virtual domains I have without the DNS check being invalid? > Say I send mail with a TO: peter@testdomain.com and my mailserver's > hostname/domain is mail.mydomain2500.com, will that be rejected? The port > for DKIM seems to be broken too! :( > > I'd appreciate someone chiming in. > > Cheers, > Ferrarislave I have a similar setup to yours, I use both DKIM and DomainKeys with my postfix installation. I just followed the MILTER_README included with postfix and the INSTALL instructions that came with dkim-miler, but I've read the instructions you mention and they are correct also. I use both DKIM and DomainKeys because many providers still only recognize DomainKeys. As more folks move to DKIM, I'll eventually be able to drop DomainKeys. As for virtual domains, you can define for each domain if it is to use DKIM. They can all share the same private/public key files, but each domain must have its own DNS entry defining DKIM/DomainKeys usage and public key. Start with one domain using DKIM as a test, then add more as you get familiar with it. It won't cause problems to have a subset of your domains using DKIM. When I built mine a few months ago, I built both dkim-miler and dk-milter from source downloaded from sourceforge since the ports were a few versions behind at the time and the ports packages seemed very sendmail-specific - no surprise there. Haven't looked at the ports status of these two lately. I do know that dk-milter-0.5.0 and dkim-milter-0.6.6 both built easily from source and don't require any patching to work correctly with postfix (older versions needed some minor patches). I notice dkim-milter-0.7.0 was just released yesterday, haven't tried it yet. -- Noel Jones