DKIM becomes more official

Gary Mills
Sun Oct 21 19:35:34 UTC 2007

On Sun, Oct 14, 2007 at 09:19:03AM -0500, Gary Mills wrote:
> On Sat, Oct 13, 2007 at 03:24:43AM +0000, Vernon Schryver wrote:
> > 
> > The dccproc/dccifd/dccm whiteclnt mechanism might be useful, but I'd
> > be an idiot to start writing DKIM code.  Other people who actually like
> > the idea of authentication/bonding/etc. are inventing that wheel.
> The only available source appears to be for dkim-milter.  I'm about to
> build this for sendmail-8.14.1.  I don't mind running another milter,
> in addition to dccm.  In fact, dkim-milter should be fairly
> lightweight.  It would have to run before dccm so that it could set
> macros, create headers, or something, that could be noticed by dccm.

I've just finished building and testing dkim-milter.  It requires
openssl-0.9.8, which seems to be quite a recent version.  I've had
to rebuild Cyrus SASL and sendmail to utilize this same version.
The milter does both signing and verification.  I've been successful
in testing both, although I only need verification initially in

The DKIM milter runs before the dccm milter.  It does use macros to
communicate with the main sendmail process, but it doesn't appear to
set macros specifically for subsequent milters.  It does create one
header; here's an example for when verification succeeds:

    Authentication-Results:; dkim=pass (1024-bit key)

This was for e-mail from the domain with verification on
host setup01.  Can this be used directly by the dccm milter?  I'd
prefer something more automatic, with a spam reputation database
interposed.  I haven't yet done any analysis on how this could be
accomplished, but it would be good for users (or the administrator)
to have a say in the matter.  I suppose that the RBL support in dccm
might be a suitable model.

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-

More information about the DCC mailing list

Contact by mail or use the form.