ServerAmavisdDKIMSpec

  • Launchpad Entry: amavisd-dkim

  • Created:June 24, 2008

  • Contributors: ScottKitterman

  • Packages affected:amavisd-new, libmail-dkim-perl and depends

Summary

Provide Domain Keys Identified Mail (DKIM) verification and From based whitelisting support in the default amavisd-new configuration. This will allow users to whitelist against spam filtering known good domains that sign their mail with DKIM. This enables otherwise more aggressive filtering for phishing mails to reduce end user exposure to 'bad' mail without increased risk of losing valid mail.

Technical approach is promote libmail-dkim-perl and depends (two more Perl modules) to Main and change amavisd-new configuration to enable DKIM verification by default. Our amavisd-new package already diverges from Debian, so no measurably increased maintenance burden is expected. This is the upstream recommended configuration.

Release Note

Domain Keys Identified Mail (DKIM) verification and From based whitelisting support in the default amavisd-new configuration. If amavisd-new is installed for spam and virus filtering integration, known 'good' domains that sign their mail with DKIM can be whitelisted from further spam checks. A small set of 'good' domains provided in the upstream documentation are set to be whitelisted by default.

Rationale

This spec will put Intrepid on the cutting edge of email authentication technology and enhance Ubuntu Server capability as a mail server platform. As content filtering gets more aggressive, finding new ways (such as this) to find good mail and save it from the filtering process is essential to avoid increased false positive risks.

Use Cases

George runs a small ISP and gets lots of complaints from his customers about phishing emails purported to be from their banks. George cranks up the aggressiveness of his spam filtering, sees the phish mails getting caught and declares victory. A few weeks later George's wife (George uses his services at home) complains that their bank notification emails are getting stuck in the spam folder and she's afraid she'll miss something. George despairs.

The next day George discusses the problem with Jane, the mail server admin. Jane is always looking for new technology to give their small ISP with a competitive edge against their larger competitors. She has read about DKIM and thinks it might help. Jane gets really excited when she discovers that U.S. financial institutions have agreed to sign their mail with DKIM.

Jane looks into it is pleasantly suprised to find their Ubuntu Intrepid based mail servers already have it enabled. All she has to do is add George's bank to the list of whitelisted domains and George and his wife will get their mail from their bank. She goes ahead and adds domains for other financial institutions and George's customers are all happy.

Assumptions

None of significance.

Design

Promote libmail-dkim-perl and depends to Main (Done):

Package name

Assignee

MIR

libdigest-sha-perl

ScottKitterman

243306

libnet-dns-perl (was in Main in Dapper)

ScottKitterman

243301

libnet-ip-perl (was in Main in Dapper)

ScottKitterman

243276

libcrypt-openssl-rsa-perl

ScottKitterman

243311

libcrypt-openssl-bignum-perl

ScottKitterman

243266

libmail-dkim-perl

ScottKitterman

243313

Note: libnet-dns-perl and libnet-ip-perl also needed for spamassassin MIR.

Changed amavisd-new configuration to enable DKIM verification by default.

Revised package uploaded - Need to test and document.

Need to clearly document how to whitelist in the server guide.

Migration

No issues.

Test/Demo Plan

Install. Test that it works. There are Ubuntu Developers that already sign mail using DKIM, so getting a corpus of mail to test with will not be a problem.

Outstanding Issues

None.

BoF agenda and discussion

None. This is a natural improvement that flows from the new capability in amavisd-new 2.6.


CategorySpec

ServerAmavisdDKIMSpec (last edited 2008-08-06 16:15:16 by localhost)