"SfR Fresh" - the SfR Freeware/Shareware Archive

Member "doc/Mail_SpamAssassin_Plugin_DKIM.html" of archive SpamAssassin-3.2.3.5-win32.zip:

Caution: In this restricted "SfR Fresh" environment the current HTML page may not be correctly presentated and may have some non-functional links. Alternatively you can here view or download the uninterpreted source code. That can be also achieved for any archive member file by clicking within an archive contents listing on the first character of the file(path) respectively on the according byte size field.

NAME

Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests

SYNOPSIS

 loadplugin Mail::SpamAssassin::Plugin::DKIM [/path/to/DKIM.pm]
 full DOMAINKEY_DOMAIN eval:check_dkim_verified()

DESCRIPTION

This SpamAssassin plugin implements DKIM lookups as described by the current draft specs: draft-ietf-dkim-base-10, as well as DomainKeys lookups, as described in draft-delany-domainkeys-base-06, thanks to the support for both types of signatures by newer versions of module Mail::DKIM (0.22 or later).

It requires the Mail::DKIM CPAN module to operate. Many thanks to Jason Long for that module.

Note that if Mail::DKIM version 0.20 or later is installed, this plugin will also perform Domain Key lookups on DomainKey-Signature headers.

SEE ALSO

Mail::DKIM, Mail::SpamAssassin::Plugin

  http://jason.long.name/dkimproxy/

USER SETTINGS

whitelist_from_dkim add@ress.com [identity]
Use this to supplement the whitelist_from addresses with a check to make sure the message has been signed by a Domain Keys Identified Mail (DKIM) signature that can be verified against the From: domain's DKIM public key.

In order to support optional identities, only one whitelist entry is allowed per line, exactly like whitelist_from_rcvd. Multiple whitelist_from_dkim lines are allowed. File-glob style meta characters are allowed for the From: address, just like with whitelist_from_rcvd. The optional identity parameter must match from the right-most side, also like in whitelist_from_rcvd.

If no identity parameter is specified the domain of the address parameter specified will be used instead.

The From: address is obtained from a signed part of the message (ie. the ``From:'' header), not from envelope data that is possible to forge.

Since this whitelist requires an DKIM check to be made, network tests must be enabled.

Examples:

  whitelist_from_dkim joe@example.com
  whitelist_from_dkim *@corp.example.com
  whitelist_from_dkim jane@example.net  example.org
  whitelist_from_dkim dick@example.net  richard@example.net

def_whitelist_from_dkim add@ress.com [identity]
Same as whitelist_from_dkim, but used for the default whitelist entries in the SpamAssassin distribution. The whitelist score is lower, because these are often targets for spammer spoofing.

ADMINISTRATOR SETTINGS

dkim_timeout n (default: 5)
How many seconds to wait for a DKIM query to complete, before scanning continues without the DKIM result.