Mailing List Archive: exim: users

DKIM and DomainKeys

1 2

View All

Index | Next | Previous | View Threaded

rcooper at dwford

Jun 29, 2009, 7:40 AM

Post #1 of 26 (1546 views)
Permalink

DKIM and DomainKeys

Is there any work being done, or a patch available, to allow signing both
DKIM and DomainKeys without sending a message through exim twice?

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

peter at bowyer

Jun 29, 2009, 7:54 AM

Post #2 of 26 (1508 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

On 29/06/2009, Rick Cooper <rcooper[at]dwford.com> wrote:
>
> Is there any work being done, or a patch available, to allow signing both
> DKIM and DomainKeys without sending a message through exim twice?

Last heard, Tom's DKIM patch is mutually exclusive with the Domainkeys
functionality. I've asked about re-considering this for what I thought
were obvious reasons.... he's busy with real work at the moment but
will re-surface sometime soon I expect.

Peter
--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

renaud at allard

Jun 29, 2009, 10:31 AM

Post #3 of 26 (1508 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

On 6/29/09 4:54 PM, Peter Bowyer wrote:
> On 29/06/2009, Rick Cooper<rcooper[at]dwford.com> wrote:
>> Is there any work being done, or a patch available, to allow signing both
>> DKIM and DomainKeys without sending a message through exim twice?
>
> Last heard, Tom's DKIM patch is mutually exclusive with the Domainkeys
> functionality. I've asked about re-considering this for what I thought
> were obvious reasons.... he's busy with real work at the moment but
> will re-surface sometime soon I expect.
>

I am sucessfully signing all messages with both Domainkeys and DKIM
using an exim snapshot (post 4.69).

Attachments:

smime.p7s (3.22 KB)

rcooper at dwford

Jun 29, 2009, 5:41 PM

Post #4 of 26 (1504 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

----Original Message----
From: exim-users-bounces[at]exim.org [mailto:exim-users-bounces[at]exim.org] On
Behalf Of Renaud Allard Sent: Monday, June 29, 2009 1:32 PM
To: Peter Bowyer
Cc: exim users; rcooper[at]dwford.com
Subject: Re: [exim] DKIM and DomainKeys

> On 6/29/09 4:54 PM, Peter Bowyer wrote:
>> On 29/06/2009, Rick Cooper<rcooper[at]dwford.com> wrote:
>>> Is there any work being done, or a patch available, to allow signing
>>> both DKIM and DomainKeys without sending a message through exim twice?
>>
>> Last heard, Tom's DKIM patch is mutually exclusive with the Domainkeys
>> functionality. I've asked about re-considering this for what I thought
>> were obvious reasons.... he's busy with real work at the moment but
>> will re-surface sometime soon I expect.
>>
>
> I am sucessfully signing all messages with both Domainkeys and DKIM
> using an exim snapshot (post 4.69).

Sorry, Didn't hit reply all, the first time

I downloaded the latest snapshot, and I see no documentation as to the
changes for the DKIM and DK support. I do see that EDITME no longer has
either EXPERIMENTAL_ definitions and I see DKIM is compiled in unless
un-defined. But it appears the EXPERIMENTAL_DOMAINKEYS section still needs
to be in the Makefile? And what about the items such as dk_selector,
$dk_domain and so forth? Are these now $dkim_domain and dkim_selector? That
is how the code appears to be written, but I don't see anything relating to
domainkeys... Does it just sign both ways?

Any help you could give would be much appreciated

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

eximX0902w at linuxwan

Jun 29, 2009, 8:22 PM

Post #5 of 26 (1500 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Rick Cooper wrote:
> ----Original Message----
> From: exim-users-bounces[at]exim.org [mailto:exim-users-bounces[at]exim.org] On
> Behalf Of Renaud Allard Sent: Monday, June 29, 2009 1:32 PM
> To: Peter Bowyer
> Cc: exim users; rcooper[at]dwford.com
> Subject: Re: [exim] DKIM and DomainKeys
>
>> On 6/29/09 4:54 PM, Peter Bowyer wrote:
>>> On 29/06/2009, Rick Cooper<rcooper[at]dwford.com> wrote:
>>>> Is there any work being done, or a patch available, to allow signing
>>>> both DKIM and DomainKeys without sending a message through exim twice?
>>> Last heard, Tom's DKIM patch is mutually exclusive with the Domainkeys
>>> functionality. I've asked about re-considering this for what I thought
>>> were obvious reasons.... he's busy with real work at the moment but
>>> will re-surface sometime soon I expect.
>>>
>> I am sucessfully signing all messages with both Domainkeys and DKIM
>> using an exim snapshot (post 4.69).
>
> Sorry, Didn't hit reply all, the first time
>
>
> I downloaded the latest snapshot, and I see no documentation as to the
> changes for the DKIM and DK support. I do see that EDITME no longer has
> either EXPERIMENTAL_ definitions and I see DKIM is compiled in unless
> un-defined. But it appears the EXPERIMENTAL_DOMAINKEYS section still needs
> to be in the Makefile? And what about the items such as dk_selector,
> $dk_domain and so forth? Are these now $dkim_domain and dkim_selector? That
> is how the code appears to be written, but I don't see anything relating to
> domainkeys... Does it just sign both ways?
>
> Any help you could give would be much appreciated

I believe the though line (which is listed in bug 376) goes along the
lines of - DomainKeys is depricated, DKIM is its replacement, let's move
swiftly towards that goal.

--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

tom at duncanthrax

Jun 30, 2009, 12:26 AM

Post #6 of 26 (1496 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Rick Cooper wrote:

> Is there any work being done, or a patch available, to allow signing both
> DKIM and DomainKeys without sending a message through exim twice?

The situation right now is a bit confusing.

I had added concurrent Domainkeys (via libdomainkeys) and DKIM (via
libdkim) signing support in CVS after the 4.69 release. That code was
never released, but some people run a snapshot of it.

DKIM verification support was oddly implemented, and the library I used
had some limitations at that time. It also brought in additional
build-time dependencies (lstdc++, openssl).

So I wrote my own DKIM implementation [1] which is dependency-free and
portable even to non-posix platforms like Windows. Similar to how pcre
was handled, a copy is included in the Exim source, so Exim can have
DKIM support by default on its supported platforms (I didn't try them
all of course ...).

The code is finished and in CVS. What is missing is the documentation. I
hope to finish it next week. Domainkeys support has been dropped. I
don't really feel like bringing it back, since I now consider it to be a
dead proprietary technology. If you really need to run DKIM/Domainkeys
concurrently with Exim, your only option is to pull a CVS snapshot by
date of April last year, or use the tarball I posted back then [2].

/tom

[1] http://github.com/duncanthrax/pdkim/tree/master
[2] http://duncanthrax.net/exim-experimental/exim-cvssnap-2008-03-05.tar.gz

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at lists

Jun 30, 2009, 1:44 AM

Post #7 of 26 (1495 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Tom Kistner wrote:

> Domainkeys support has been dropped. I
> don't really feel like bringing it back, since I now consider it to be a
> dead proprietary technology. If you really need to run DKIM/Domainkeys
> concurrently with Exim, your only option is to pull a CVS snapshot by
> date of April last year, or use the tarball I posted back then [2].

I agree that DomainKeys support should be dropped. It's already
deprecated and its Exim support never managed to get out of Experimental.

If people really must sign with both technologies and don't want to use
my trick for sending a message through Exim twice, there is another
alternative which is to install http://dkimproxy.sourceforge.net/ and
add a manualroute to Exim to force mail that needs to be signed through
it. I know somebody that recently set up Exim to do that so it
definitely works.

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

renaud at allard

Jun 30, 2009, 3:03 AM

Post #8 of 26 (1488 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Tom Kistner wrote:
> Rick Cooper wrote:
>
>> Is there any work being done, or a patch available, to allow signing both
>> DKIM and DomainKeys without sending a message through exim twice?
>
> The situation right now is a bit confusing.
>
> I had added concurrent Domainkeys (via libdomainkeys) and DKIM (via
> libdkim) signing support in CVS after the 4.69 release. That code was
> never released, but some people run a snapshot of it.
>
> DKIM verification support was oddly implemented, and the library I used
> had some limitations at that time. It also brought in additional
> build-time dependencies (lstdc++, openssl).
>
> So I wrote my own DKIM implementation [1] which is dependency-free and
> portable even to non-posix platforms like Windows. Similar to how pcre
> was handled, a copy is included in the Exim source, so Exim can have
> DKIM support by default on its supported platforms (I didn't try them
> all of course ...).
>
> The code is finished and in CVS. What is missing is the documentation. I
> hope to finish it next week. Domainkeys support has been dropped. I
> don't really feel like bringing it back, since I now consider it to be a
> dead proprietary technology. If you really need to run DKIM/Domainkeys
> concurrently with Exim, your only option is to pull a CVS snapshot by
> date of April last year, or use the tarball I posted back then [2].
>

That said, if you want to use the same version as me to sign with both
technologies, you can use the sources here:
http://www.llorien.org/exim/exim-src_dk_domk.tar.gz

Attachments:

smime.p7s (3.21 KB)

gordon at dickens

Jun 30, 2009, 3:26 AM

Post #9 of 26 (1488 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Hi Tom,

Great to hear that your DKIM implementation is in CVS with documentation
to follow shortly. Do you have any idea when your DKIM implementation
will be officially released? I assume that it will be included in the
next release of exim, maybe version 4.70? I was just wondering what the
projected time frame is for the next release of exim. Its been a while
since the 4.69 release.....

Thanks!

Gordon

Tom Kistner wrote:
> Rick Cooper wrote:
>
>
>> Is there any work being done, or a patch available, to allow signing both
>> DKIM and DomainKeys without sending a message through exim twice?
>>
>
> The situation right now is a bit confusing.
>
> I had added concurrent Domainkeys (via libdomainkeys) and DKIM (via
> libdkim) signing support in CVS after the 4.69 release. That code was
> never released, but some people run a snapshot of it.
>
> DKIM verification support was oddly implemented, and the library I used
> had some limitations at that time. It also brought in additional
> build-time dependencies (lstdc++, openssl).
>
> So I wrote my own DKIM implementation [1] which is dependency-free and
> portable even to non-posix platforms like Windows. Similar to how pcre
> was handled, a copy is included in the Exim source, so Exim can have
> DKIM support by default on its supported platforms (I didn't try them
> all of course ...).
>
> The code is finished and in CVS. What is missing is the documentation. I
> hope to finish it next week. Domainkeys support has been dropped. I
> don't really feel like bringing it back, since I now consider it to be a
> dead proprietary technology. If you really need to run DKIM/Domainkeys
> concurrently with Exim, your only option is to pull a CVS snapshot by
> date of April last year, or use the tarball I posted back then [2].
>
> /tom
>
> [1] http://github.com/duncanthrax/pdkim/tree/master
> [2] http://duncanthrax.net/exim-experimental/exim-cvssnap-2008-03-05.tar.gz
>
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

gordon at dickens

Jun 30, 2009, 4:20 AM

Post #10 of 26 (1487 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Hi Mike,

I have DKIMproxy working fine on one of my installations too and it does
both DKIM and Domain Keys signing, however, it also requires that the
message be sent through exim twice. With DKIM proxy, messages are first
received by exim and then sent to the DKIMproxy daemon for signing after
which the message is then returned to exim for routing.

DKIMproxy is very easy to setup but, because of the double exim
processing, I feel that its a bit of a kludge. However, it does work
just fine.

FYI,

Gordon

Mike Cardwell wrote:
> If people really must sign with both technologies and don't want to
> use my trick for sending a message through Exim twice, there is
> another alternative which is to install
> http://dkimproxy.sourceforge.net/ and add a manualroute to Exim to
> force mail that needs to be signed through it. I know somebody that
> recently set up Exim to do that so it definitely works.
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

tom at duncanthrax

Jun 30, 2009, 5:07 AM

Post #11 of 26 (1487 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Gordon Dickens wrote:

> Great to hear that your DKIM implementation is in CVS with documentation
> to follow shortly. Do you have any idea when your DKIM implementation
> will be officially released? I assume that it will be included in the
> next release of exim, maybe version 4.70? I was just wondering what the
> projected time frame is for the next release of exim. Its been a while
> since the 4.69 release.....

The plan is to release a 4.70 once the docs are finished (unless someone
else objects?).

/tom

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

peter at bowyer

Jun 30, 2009, 5:13 AM

Post #12 of 26 (1487 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

On 30/06/2009, Tom Kistner <tom[at]duncanthrax.net> wrote:
> Gordon Dickens wrote:
>
> > Great to hear that your DKIM implementation is in CVS with documentation
> > to follow shortly. Do you have any idea when your DKIM implementation
> > will be officially released? I assume that it will be included in the
> > next release of exim, maybe version 4.70? I was just wondering what the
> > projected time frame is for the next release of exim. Its been a while
> > since the 4.69 release.....
>
> The plan is to release a 4.70 once the docs are finished (unless someone
> else objects?).

I'd like to see the incompatible changes to DK be discussed more
widely before incorporating the DKIM code into a major release.

Peter

--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

rcooper at dwford

Jun 30, 2009, 5:13 AM

Post #13 of 26 (1488 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

----Original Message----
From: Tom Kistner [mailto:tom[at]duncanthrax.net]
Sent: Tuesday, June 30, 2009 3:27 AM
To: Rick Cooper
Cc: Exim Users
Subject: Re: [exim] DKIM and DomainKeys

> Rick Cooper wrote:
>
>> Is there any work being done, or a patch available, to allow signing both
>> DKIM and DomainKeys without sending a message through exim twice?
>
> The situation right now is a bit confusing.
>
> I had added concurrent Domainkeys (via libdomainkeys) and DKIM (via
> libdkim) signing support in CVS after the 4.69 release. That code was
> never released, but some people run a snapshot of it.
>
> DKIM verification support was oddly implemented, and the library I used
> had some limitations at that time. It also brought in additional
> build-time dependencies (lstdc++, openssl).
>
> So I wrote my own DKIM implementation [1] which is dependency-free and
> portable even to non-posix platforms like Windows. Similar to how pcre
> was handled, a copy is included in the Exim source, so Exim can have
> DKIM support by default on its supported platforms (I didn't try them
> all of course ...).
>
> The code is finished and in CVS. What is missing is the documentation. I
> hope to finish it next week. Domainkeys support has been dropped. I
> don't really feel like bringing it back, since I now consider it to be a
> dead proprietary technology. If you really need to run DKIM/Domainkeys
> concurrently with Exim, your only option is to pull a CVS snapshot by
> date of April last year, or use the tarball I posted back then [2].
>

That explains why it appeared that domainkeys support was missing, even
though the respondent had stated both worked in cvs. I suppose I will just
move to just dkim but not all providers have done so and I was hoping to be
able to please all.

BTW: the current exim-doc in cvs appears to be broken and won't build. It
appears to be broken in the section you added a couple of weeks ago
referencing the DKIM support. There are a bunch of errors all pretty much
like

** Error: missing closing flag %&
Processing macro vitem
Detected near line 34296 of spec.xfpt

And since spec.xml cannot be built neither can the rest. The filter
documentation builds fine. I would try and fix it but I no nothing of the
xfpt syntax.

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

rcooper at dwford

Jun 30, 2009, 5:15 AM

Post #14 of 26 (1488 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

----Original Message----
From: exim-users-bounces[at]exim.org [mailto:exim-users-bounces[at]exim.org] On
Behalf Of Renaud Allard Sent: Tuesday, June 30, 2009 6:03 AM
To: Tom Kistner
Cc: Exim Users; Rick Cooper
Subject: Re: [exim] DKIM and DomainKeys

> Tom Kistner wrote:
>> Rick Cooper wrote:
>>
>>> Is there any work being done, or a patch available, to allow signing
>>> both DKIM and DomainKeys without sending a message through exim twice?
>>
>> The situation right now is a bit confusing.
>>
>> I had added concurrent Domainkeys (via libdomainkeys) and DKIM (via
>> libdkim) signing support in CVS after the 4.69 release. That code was
>> never released, but some people run a snapshot of it.
>>
>> DKIM verification support was oddly implemented, and the library I used
>> had some limitations at that time. It also brought in additional
>> build-time dependencies (lstdc++, openssl).
>>
>> So I wrote my own DKIM implementation [1] which is dependency-free and
>> portable even to non-posix platforms like Windows. Similar to how pcre
>> was handled, a copy is included in the Exim source, so Exim can have
>> DKIM support by default on its supported platforms (I didn't try them
>> all of course ...).
>>
>> The code is finished and in CVS. What is missing is the documentation. I
>> hope to finish it next week. Domainkeys support has been dropped. I
>> don't really feel like bringing it back, since I now consider it to be a
>> dead proprietary technology. If you really need to run DKIM/Domainkeys
>> concurrently with Exim, your only option is to pull a CVS snapshot by
>> date of April last year, or use the tarball I posted back then [2].
>>
>
> That said, if you want to use the same version as me to sign with both
> technologies, you can use the sources here:
> http://www.llorien.org/exim/exim-src_dk_domk.tar.gz

Thanks!

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at lists

Jun 30, 2009, 5:24 AM

Post #15 of 26 (1487 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Tom Kistner wrote:

>> Great to hear that your DKIM implementation is in CVS with documentation
>> to follow shortly. Do you have any idea when your DKIM implementation
>> will be officially released? I assume that it will be included in the
>> next release of exim, maybe version 4.70? I was just wondering what the
>> projected time frame is for the next release of exim. Its been a while
>> since the 4.69 release.....
>
> The plan is to release a 4.70 once the docs are finished (unless someone
> else objects?).

I don't wish to restart the debate we had a few weeks back, but will
dnsdb be enabled by default in 4.70?

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

gordon at dickens

Jun 30, 2009, 5:47 AM

Post #16 of 26 (1487 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Hi Tom,
That's great news. Thanks!
Gordon
Tom Kistner wrote:

The plan is to release a 4.70 once the docs are finished (unless someone
else objects?).

/tom

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

rcooper at dwford

Jun 30, 2009, 6:33 AM

Post #17 of 26 (1480 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

----Original Message----
From: exim-users-bounces[at]exim.org [mailto:exim-users-bounces[at]exim.org] On
Behalf Of Tom Kistner Sent: Tuesday, June 30, 2009 8:07 AM
To: Gordon Dickens
Cc: Exim_Users_Group
Subject: Re: [exim] DKIM and DomainKeys

> Gordon Dickens wrote:
>
>> Great to hear that your DKIM implementation is in CVS with documentation
>> to follow shortly. Do you have any idea when your DKIM implementation
>> will be officially released? I assume that it will be included in the
>> next release of exim, maybe version 4.70? I was just wondering what the
>> projected time frame is for the next release of exim. Its been a while
>> since the 4.69 release.....
>
> The plan is to release a 4.70 once the docs are finished (unless someone
> else objects?).
>

I wouldn't say exactly object, but some what unhappy. Since domainkeys has
been dropped I obviously won't be able to check a domainkeys signature when
one exists. While DKIM is certainly the standard today I would bet it will
take as long for people to move to DKIM as it did for them to adopt
domainkeys and that leaves spamassassin to check the domainkeys sigs (after
I accept) and no way to sign domainkeys for those that add points for a
valid DK signature but have not yet adopted DKIM. On the other hand the
integral DKIM implementation is very much a big plus.

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

eximusers at downhill

Jun 30, 2009, 9:42 AM

Post #18 of 26 (1481 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Rick Cooper <rcooper[at]dwford.com> wrote:
[...]
> BTW: the current exim-doc in cvs appears to be broken and won't build. It
> appears to be broken in the section you added a couple of weeks ago
> referencing the DKIM support. There are a bunch of errors all pretty much
> like

> ** Error: missing closing flag %&
> Processing macro vitem
> Detected near line 34296 of spec.xfpt

Hello,

there is already a patch in

http://bugs.exim.org/show_bug.cgi?id=856

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

rcooper at dwford

Jun 30, 2009, 10:26 AM

Post #19 of 26 (1477 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

----Original Message----
From: exim-users-bounces[at]exim.org [mailto:exim-users-bounces[at]exim.org] On
Behalf Of Andreas Metzler Sent: Tuesday, June 30, 2009 12:42 PM
To: exim-users[at]exim.org
Subject: Re: [exim] DKIM and DomainKeys

> Rick Cooper <rcooper[at]dwford.com> wrote:
> [...]
>> BTW: the current exim-doc in cvs appears to be broken and won't build. It
>> appears to be broken in the section you added a couple of weeks ago
>> referencing the DKIM support. There are a bunch of errors all pretty much
>> like
>
>> ** Error: missing closing flag %&
>> Processing macro vitem
>> Detected near line 34296 of spec.xfpt
>
> Hello,
>
> there is already a patch in
>
> http://bugs.exim.org/show_bug.cgi?id=856
>

Not knowing anything about xfpt I just changed the lines (looked at similar
items) from something like

.vitem &%dkim_domain = <expanded string> [MANDATORY]%&

To

.vitem &*dkim_domain*&&~=&~<expanded string>&~&~[MANDATORY]

And changed the erroneous .ulist to .ilist (figured it a typo because of u
and I keys location)

Dunno if it's the correct way to do it but it compiles, works and looks
right.

I am happy for now, I have the docs and Renaud's source link has me signing
both in one pass. The rpms are built and I can push them out to the other
servers tonight.

Thanks all,

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

subscriptions.private at mgn

Jul 1, 2009, 2:05 AM

Post #20 of 26 (1462 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Worth noting is that Yahoo! sign messages with both (as do Google), so the
inventors of DomainKeys recognise that the method is obsolescent. The Yahoo!
FBL also uses either signing method, see:
http://help.yahoo.com/l/us/yahoo/mail/postmaster/feedback/

--

Regards,

Martin Nicholas.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

iane at sussex

Jul 1, 2009, 3:35 AM

Post #21 of 26 (1449 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

--On 30 June 2009 09:33:58 -0400 Rick Cooper <rcooper[at]dwford.com> wrote:

> While DKIM is certainly the standard today I would bet it will
> take as long for people to move to DKIM as it did for them to adopt
> domainkeys

<http://blogs.cisco.com/news/comments/domainkeys_identified_mail_dkim_grows_significantly/>

Yahoo! and Google both have adopted it, both inbound and outbound.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

jethro.binks at strath

Jul 1, 2009, 3:50 AM

Post #22 of 26 (1448 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

On Wed, 1 Jul 2009, Ian Eiloart wrote:

> --On 30 June 2009 09:33:58 -0400 Rick Cooper <rcooper[at]dwford.com> wrote:
>
> > While DKIM is certainly the standard today I would bet it will
> > take as long for people to move to DKIM as it did for them to adopt
> > domainkeys
>
> <http://blogs.cisco.com/news/comments/domainkeys_identified_mail_dkim_grows_significantly/>

Which took me eventually to:

http://dkim.org/deploy/exim.html

Maybe the current status details for Exim should be completed.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

tom at duncanthrax

Jul 1, 2009, 5:06 AM

Post #23 of 26 (1441 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

Ian Eiloart wrote:

>> While DKIM is certainly the standard today I would bet it will
>> take as long for people to move to DKIM as it did for them to adopt
>> domainkeys
>
> <http://blogs.cisco.com/news/comments/domainkeys_identified_mail_dkim_grows_significantly/>

Thanks for the link!

> Yahoo! and Google both have adopted it, both inbound and outbound.

As has almost everyone else who had deployed DK earlier.

/tom

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

michael at talamasca

Jul 2, 2009, 5:26 PM

Post #24 of 26 (1388 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

On Tue, 30 Jun 2009, Tom Kistner wrote:
> Domainkeys support has been dropped. I don't really feel like bringing
> it back, since I now consider it to be a dead proprietary technology.

I wouldn't call DK completely obsolete just yet.

DKIM is in two parts, both of which are necessary to replace the role of
DK. The first part, the procedure to detect bogus signatures, is
complete. But the second part, the procedure to detect *missing*
signatures, isn't.

So, I'd still want to double sign my messages -- with DK to allow people
to discard unsigned forgeries, and with DKIM merely to test the first
half of the new protocol.

Also, DKIM provides for signatures other than the domain of the From:
address. While such signatures are not needed when using DKIM as a
replacement for DK, they may well have a use in the future. If so, Exim
might be called upon to add two or more DKIM signatures at once to a
message.

So your library should be flexible enough to handle two DKIM signatures.
If it is, then it shouldn't be to hard to extend it to handle one DKIM and
one DK signature -- since DK is just DKIM with a slightly different header
format.

---- Michael Deutschmann <michael[at]talamasca.ocis.net>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

holmgren at lysator

Aug 16, 2009, 1:08 PM

Post #25 of 26 (819 views)
Permalink

Re: DKIM and DomainKeys [In reply to]

On tisdagen den 30 juni 2009, Tom Kistner wrote:
> Rick Cooper wrote:
> > Is there any work being done, or a patch available, to allow signing both
> > DKIM and DomainKeys without sending a message through exim twice?
>
> The situation right now is a bit confusing.
>
> I had added concurrent Domainkeys (via libdomainkeys) and DKIM (via
> libdkim) signing support in CVS after the 4.69 release. That code was
> never released, but some people run a snapshot of it.
>
> DKIM verification support was oddly implemented, and the library I used
> had some limitations at that time. It also brought in additional
> build-time dependencies (lstdc++, openssl).
>
> So I wrote my own DKIM implementation [1] which is dependency-free and
> portable even to non-posix platforms like Windows. Similar to how pcre
> was handled, a copy is included in the Exim source, so Exim can have
> DKIM support by default on its supported platforms (I didn't try them
> all of course ...).

Oh. I guess I'll package it for Debian ASAP then.

--
Magnus Holmgren holmgren[at]lysator.liu.se
(No Cc of list mail needed, thanks)

"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans

Attachments:

signature.asc (0.19 KB)

1 2

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com