unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-5.0)
Page:
Section:
Apropos / Subsearch:
optional field

Mail::SpamAssassin::PlUser:Contributed PeMail::SpamAssassin::Plugin::DKIM(3pm)



NAME
       Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests

SYNOPSIS
        loadplugin Mail::SpamAssassin::Plugin::DKIM [/path/to/DKIM.pm]

        full DKIM_VALID     eval:check_dkim_valid()
        full DKIM_VALID_AU  eval:check_dkim_valid_author_sig()

       (for compatibility, a check_dkim_verified is a synonym for
       check_dkim_valid)

DESCRIPTION
       This SpamAssassin plugin implements DKIM lookups as described by the
       RFC 4871, as well as historical DomainKeys lookups, as described by RFC
       4870, thanks to the support for both types of signatures by newer
       versions of module Mail::DKIM (0.22 or later).

       It requires the "Mail::DKIM" CPAN module to operate. Many thanks to
       Jason Long for that module.

TAGS
       The following tags are added to the set, available for use in reports,
       header fields, other plugins, etc.:

         _DKIMIDENTITY_  signing identities (the 'i' tag) from valid signatures;
         _DKIMDOMAIN_    signing domains (the 'd' tag) from valid signatures;

       Identities and domains from signatures which failed verification are
       not included in these tags. Duplicates are eliminated (e.g. when there
       are two or more valid signatures from the same signer, only one copy
       makes it into a tag).  Note that there may be more than one signature
       in a message - currently they are provided as a space-separated list,
       although this behaviour may change.

SEE ALSO
       "Mail::DKIM", "Mail::SpamAssassin::Plugin"

         http://jason.long.name/dkimproxy/
         http://tools.ietf.org/rfc/rfc4871.txt
         http://tools.ietf.org/rfc/rfc4870.txt
         http://ietf.org/html.charters/dkim-charter.html

USER SETTINGS
       whitelist_from_dkim authorATexample.com [signing-identity]
           Use this to supplement the whitelist_from addresses with a check to
           make sure the message with a given From address (the author's
           address) carries a valid Domain Keys Identified Mail (DKIM)
           signature by a verifier-acceptable signing-identity (the i= tag).

           Only one whitelist entry is allowed per line, as in
           "whitelist_from_rcvd".  Multiple "whitelist_from_dkim" lines are
           allowed. File-glob style characters are allowed for the From
           address (the first parameter), just like with
           "whitelist_from_rcvd". The second parameter does not accept
           wildcards.

           If no signing identity parameter is specified, the only acceptable
           signature will be a first-party signature, i.e. the so called
           author signature, which is a signature where the signing identity
           of a signature matches the author address (i.e. the address in a
           From header field).

           Since this whitelist requires a DKIM check to be made, network
           tests must be enabled.

           Examples of whitelisting based on an author signature (first-
           party):

             whitelist_from_dkim joeATexample.com
             whitelist_from_dkim *@corp.example.com
             whitelist_from_dkim *@*.example.com

           Examples of whitelisting based on third-party signatures:

             whitelist_from_dkim rickATexample.net     richardATexample.net
             whitelist_from_dkim rickATsub.net example.net
             whitelist_from_dkim janeATexample.net     example.org
             whitelist_from_dkim *@info.example.com   example.com
             whitelist_from_dkim *@*                  remailer.example.com

       def_whitelist_from_dkim authorATexample.com [signing-identity]
           Same as "whitelist_from_dkim", but used for the default whitelist
           entries in the SpamAssassin distribution.  The whitelist score is
           lower, because these are often targets for abuse of public mailers
           which sign their mail.

ADMINISTRATOR SETTINGS
       dkim_timeout n             (default: 5)
           How many seconds to wait for a DKIM query to complete, before
           scanning continues without the DKIM result.



perl v5.10.0                      2008-06Mail::SpamAssassin::Plugin::DKIM(3pm)