Launchpad Entry: amavisd-dkim
Created:June 24, 2008
Packages affected:amavisd-new, libmail-dkim-perl and depends
Provide Domain Keys Identified Mail (DKIM) verification and From based whitelisting support in the default amavisd-new configuration. This will allow users to whitelist against spam filtering known good domains that sign their mail with DKIM. This enables otherwise more aggressive filtering for phishing mails to reduce end user exposure to 'bad' mail without increased risk of losing valid mail.
Technical approach is promote libmail-dkim-perl and depends (two more Perl modules) to Main and change amavisd-new configuration to enable DKIM verification by default. Our amavisd-new package already diverges from Debian, so no measurably increased maintenance burden is expected. This is the upstream recommended configuration.
Domain Keys Identified Mail (DKIM) verification and From based whitelisting support in the default amavisd-new configuration. If amavisd-new is installed for spam and virus filtering integration, known 'good' domains that sign their mail with DKIM can be whitelisted from further spam checks. A small set of 'good' domains provided in the upstream documentation are set to be whitelisted by default.
This spec will put Intrepid on the cutting edge of email authentication technology and enhance Ubuntu Server capability as a mail server platform. As content filtering gets more aggressive, finding new ways (such as this) to find good mail and save it from the filtering process is essential to avoid increased false positive risks.
George runs a small ISP and gets lots of complaints from his customers about phishing emails purported to be from their banks. George cranks up the aggressiveness of his spam filtering, sees the phish mails getting caught and declares victory. A few weeks later George's wife (George uses his services at home) complains that their bank notification emails are getting stuck in the spam folder and she's afraid she'll miss something. George despairs.
The next day George discusses the problem with Jane, the mail server admin. Jane is always looking for new technology to give their small ISP with a competitive edge against their larger competitors. She has read about DKIM and thinks it might help. Jane gets really excited when she discovers that U.S. financial institutions have agreed to sign their mail with DKIM.
Jane looks into it is pleasantly suprised to find their Ubuntu Intrepid based mail servers already have it enabled. All she has to do is add George's bank to the list of whitelisted domains and George and his wife will get their mail from their bank. She goes ahead and adds domains for other financial institutions and George's customers are all happy.
None of significance.
Promote libmail-dkim-perl and depends to Main (Done):
libnet-dns-perl (was in Main in Dapper)
libnet-ip-perl (was in Main in Dapper)
Note: libnet-dns-perl and libnet-ip-perl also needed for spamassassin MIR.
Changed amavisd-new configuration to enable DKIM verification by default.
Revised package uploaded - Need to test and document.
Need to clearly document how to whitelist in the server guide.
Install. Test that it works. There are Ubuntu Developers that already sign mail using DKIM, so getting a corpus of mail to test with will not be a problem.
BoF agenda and discussion
None. This is a natural improvement that flows from the new capability in amavisd-new 2.6.