Mail::SpamAssassin::Plugin::DomainKeys

Section: User Contributed Perl Documentation (3)
Updated: 2006-09-29
Index Return to Main Contents
 

NAME

Mail::SpamAssassin::Plugin::DomainKeys - perform DomainKeys verification tests  

SYNOPSIS

 loadplugin Mail::SpamAssassin::Plugin::DomainKeys [/path/to/DomainKeys.pm]

Signature:
 header DK_SIGNED                eval:check_domainkeys_signed()
 header DK_VERIFIED              eval:check_domainkeys_verified()

Policy:
   Note that DK policy record is only fetched if DK_VERIFIED is false
   to save signing domain from unnecessary DNS queries,
   as recommended (SHOULD) by draft-delany-domainkeys-base.
   Rules DK_POLICY_* should preferably not be relied upon when DK_VERIFIED
   is true, although they will return false in current implementation
   when a policy record is not fetched, except for DK_POLICY_TESTING,
   which is true if t=y appears in a public key record OR in a policy
   record (when available).
 header DK_POLICY_TESTING        eval:check_domainkeys_testing()
 header DK_POLICY_SIGNSOME       eval:check_domainkeys_signsome()
 header DK_POLICY_SIGNALL        eval:check_domainkeys_signall()

Whitelisting based on verified signature:
 header USER_IN_DK_WHITELIST     eval:check_for_dk_whitelist_from()
 header USER_IN_DEF_DK_WL        eval:check_for_def_dk_whitelist_from()  

DESCRIPTION

This is the DomainKeys plugin and it needs lots more documentation.  

USER SETTINGS

domainkeys_timeout n (default: 5)
How many seconds to wait for a DomainKeys query to complete, before scanning continues without the DomainKeys result.
whitelist_from_dk add@ress.com [signing domain name]
Use this to supplement the whitelist_from addresses with a check to make sure the message has been signed by a DomainKeys signature that can be verified against the From: domain's DomainKeys public key.

In order to support signing domain names that differ from the address domain name, only one whitelist entry is allowed per line, exactly like "whitelist_from_rcvd". Multiple "whitelist_from_dk" lines are allowed. File-glob style meta characters are allowed for the From: address, just like with "whitelist_from_rcvd". The optional signing domain name parameter must match from the right-most side, also like in "whitelist_from_rcvd".

If no signing domain name parameter is specified the domain of the address parameter specified will be used instead.

The From: address is obtained from a signed part of the message (ie. the ``From:'' header), not from envelope data that is possible to forge.

Since this whitelist requires a DomainKeys check to be made, network tests must be enabled.

Examples:

  whitelist_from_dk joe@example.com
  whitelist_from_dk *@corp.example.com

  whitelist_from_dk bob@it.example.net  example.net
  whitelist_from_dk *@eng.example.net   example.net

def_whitelist_from_dk add@ress.com [signing domain name]
Same as "whitelist_from_dk", but used for the default whitelist entries in the SpamAssassin distribution. The whitelist score is lower, because these are often targets for spammer spoofing.


 

Index

NAME
SYNOPSIS
DESCRIPTION
USER SETTINGS

linux.jgfs.net manual pages