ServerAmavisdDKIMSpec

Revision 4 as of 2008-06-25 22:15:50

  • Launchpad Entry: amavisd-dkim

  • Created: June 24, 2008

  • Contributors: ScottKitterman

  • Packages affected: amavisd-new, libmail-dkim-perl and depends

Summary

Provide [http://www.dkim.org/ Domain Keys Identified Mail (DKIM)] verification and From-based whitelisting support in the default amavisd-new configuration. This will allow users to whitelist known good domains that sign their mail with DKIM, so that mail from those domains is exempt from spam filtering. That in turn permits more aggressive filtering of phishing mail, reducing end user exposure to 'bad' mail without an increased risk of losing valid mail.

The technical approach is to promote libmail-dkim-perl and depends (two more Perl modules) to Main and to change the amavisd-new configuration to enable DKIM verification by default. Our amavisd-new package already diverges from Debian, so no measurably increased maintenance burden is expected. This is the upstream recommended configuration.

Release Note

[http://www.dkim.org/ Domain Keys Identified Mail (DKIM)] verification and From-based whitelisting support are provided in the default amavisd-new configuration. If amavisd-new is installed for spam and virus filtering integration, known 'good' domains that sign their mail with DKIM can be whitelisted from further spam checks.

Rationale

This spec will put Intrepid on the cutting edge of email authentication technology and enhance Ubuntu Server capability as a mail server platform. As content filtering gets more aggressive, finding new ways (such as this) to find good mail and save it from the filtering process is essential to avoid increased false positive risks.

Use Cases

George runs a small ISP and gets lots of complaints from his customers about phishing emails purporting to be from their banks. George cranks up the aggressiveness of his spam filtering, sees the phish mails getting caught and declares victory. A few weeks later George's wife (George uses his services at home) complains that their bank notification emails are getting stuck in the spam folder and she's afraid she'll miss something. George despairs.

The next day George discusses the problem with Jane, the mail server admin. Jane is always looking for new technology to give their small ISP a competitive edge against their larger competitors. She has read about [http://www.dkim.org/ DKIM] and thinks it might help. Jane gets really excited when she discovers that U.S. financial institutions have [http://bitsinfo.org/downloads/Misc/BITSReleaseEmailSecurityFINALApril07.pdf agreed to sign their mail with DKIM].

Jane looks into it and is pleasantly surprised to find that their Ubuntu Intrepid based mail servers already have it enabled. All she has to do is add George's bank to the list of whitelisted domains and George and his wife will get their mail from their bank. She goes ahead and adds domains for other financial institutions and George's customers are all happy.

Assumptions

None of significance.

Design

Promote libmail-dkim-perl and depends to Main:

|| Package name || Assignee || MIR ||
|| libdigest-sha-perl || || ||
|| libnet-dns-perl || || ||
|| libcrypt-openssl-rsa-perl || || ||
|| libmail-dkim-perl || || ||

Change amavisd-new configuration to enable DKIM verification by default.

Need to clearly document how to whitelist in the server guide.
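
A sketch of what the whitelisting described above can look like in a local amavisd-new 2.6 configuration file, added here as an example; it is not part of this spec or of the package's shipped configuration. The domain bank.example is a constructed placeholder and the policy bank name WHITELIST is a local choice.

```perl
use strict;

# Verify DKIM signatures on incoming mail (the default this spec proposes).
$enable_dkim_verification = 1;

# Weak alternative, shown commented out for contrast: this map is matched
# against the envelope sender, which any sender can forge, so a phish that
# claims to come from the bank would skip spam checks as well.
# @whitelist_sender_maps = ( [ '.bank.example' ] );

# Policy bank loaded for whitelisted authors. Only spam checks are relaxed;
# virus and banned-content checks still apply to this mail.
$policy_bank{'WHITELIST'} = {
  bypass_spam_checks_maps => [1],   # do not run spam scanning
  spam_lovers_maps        => [1],   # deliver even if scored as spam
};

# From-based whitelisting tied to DKIM: the key is the author (From header)
# address or domain, and the policy bank is loaded only when the message
# carries a valid DKIM signature by that author's domain.
@author_to_policy_bank_maps = ( {
  'bank.example'  => 'WHITELIST',   # constructed placeholder: the domain itself
  '.bank.example' => 'WHITELIST',   # constructed placeholder: its subdomains
} );

1;  # ensure a defined return value
```

A message with a forged From: address at bank.example and no valid signature from that domain does not load the WHITELIST bank and is filtered as usual.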

Migration

No issues.

Test/Demo Plan

Install. Test that it works. There are Ubuntu Developers that already sign mail using DKIM, so getting a corpus of mail to test with will not be a problem.

Outstanding Issues

None.

BoF agenda and discussion

None. This is a natural improvement that flows from the new capability in amavisd-new 2.6.

