Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-5.0)
Apropos / Subsearch:
optional field


       Mail::SpamAssassin::Plugin::DomainKeys - perform DomainKeys
       verification tests

        loadplugin Mail::SpamAssassin::Plugin::DomainKeys [/path/to/DomainKeys.pm]

        header DK_SIGNED                eval:check_domainkeys_signed()
        header DK_VERIFIED              eval:check_domainkeys_verified()

          Note that DK policy record is only fetched if DK_VERIFIED is
          false to save a signing domain from unnecessary DNS queries,
          as recommended (SHOULD) by draft-delany-domainkeys-base.
          Rules DK_POLICY_* should preferably not be relied upon when
          DK_VERIFIED is true, although they will return false in current
          implementation when a policy record is not fetched, except for
          DK_POLICY_TESTING, which is true if t=y appears in a public key
          record OR in a policy record (when available).
        header DK_POLICY_TESTING        eval:check_domainkeys_testing()
        header DK_POLICY_SIGNSOME       eval:check_domainkeys_signsome()
        header DK_POLICY_SIGNALL        eval:check_domainkeys_signall()

       Whitelisting based on verified signature:
        header USER_IN_DK_WHITELIST     eval:check_for_dk_whitelist_from()
        header USER_IN_DEF_DK_WL        eval:check_for_def_dk_whitelist_from()

       This is the DomainKeys plugin and it needs lots more documentation.

       Note that if the "Mail::SpamAssassin::Plugin::DKIM" plugin is installed
       with "Mail::DKIM" version 0.20 or later, that plugin will also perform
       Domain Key lookups on DomainKey-Signature headers, in which case this
       plugin is redundant.

       Here is author's note from module "Mail::DomainKeys" version 1.0:


         Please move on to DKIM like a responsible Internet user.  I have.

         I will leave this module here on CPAN for a while, just in case someone
         has grown to depend on it.  It is apparent that DK will not be the way
         of the future. Thus, it is time to put this module to ground before it
         causes any further harm.

         Thanks for your support,

       whitelist_from_dk addATress.com [signing domain name]
           Use this to supplement the whitelist_from addresses with a check to
           make sure the message has been signed by a DomainKeys signature
           that can be verified against the From: domain's DomainKeys public

           In order to support signing domain names that differ from the
           address domain name, only one whitelist entry is allowed per line,
           exactly like "whitelist_from_rcvd".  Multiple "whitelist_from_dk"
           lines are allowed.  File-glob style meta characters are allowed for
           the From: address, just like with "whitelist_from_rcvd".  The
           optional signing domain name parameter must match from the right-
           most side, also like in "whitelist_from_rcvd".

           If no signing domain name parameter is specified the domain of the
           address parameter specified will be used instead.

           The From: address is obtained from a signed part of the message
           (ie. the "From:" header), not from envelope data that is possible
           to forge.

           Since this whitelist requires a DomainKeys check to be made,
           network tests must be enabled.


             whitelist_from_dk joeATexample.com
             whitelist_from_dk *@corp.example.com

             whitelist_from_dk bobATit.net  example.net
             whitelist_from_dk *@eng.example.net   example.net

       def_whitelist_from_dk addATress.com [signing domain name]
           Same as "whitelist_from_dk", but used for the default whitelist
           entries in the SpamAssassin distribution.  The whitelist score is
           lower, because these are often targets for spammer spoofing.

       domainkeys_timeout n             (default: 5)
           How many seconds to wait for a DomainKeys query to complete, before
           scanning continues without the DomainKeys result.

perl v5.10.0                      2Mail::SpamAssassin::Plugin::DomainKeys(3pm)