Milter-greylist

--- In milter-greylist@yahoogroups.com, manu@... wrote:
>
> Jim Hermann <hostmaster@...> wrote:
> 
> > No.  They are separate standards.  Yahoo develeped DomainKeys 
and 
> > still uses it.  DKIM was the combinations of DK and something 
else. 
> > A valid DKIM Header will not pass DomainKeys and vice versa.
> 
> Is there a library that implement both protocols at the same time? If
> there isn't, which one is the most useful?

I have not found a library that implments both standards.

I have been using dk-filter for several months.  It is flakey and hard to 
use.  They released dk-filter version 0.60 and stopped all additional 
work.  As near as I can determine, it does not use a file for 
configuration settings, so eveything has to be a command line 
parameter.

Getting it to validate inbound email was not hard.  Getting it to sign 
outbound email was the problem.  It uses only the From: or Sender: 
Header values and requires that they match the signing domain.  I had 
to add the Sender: Header back to my mailing list servers, which I don't 
like because of the effect on MS Outlook.

For forwarded email messages, I had to implement a mime-defang 
program to identify email that will be forwarded and add a Sender: 
Header value.

Oh yeah, both the mailing list servers and the mime-defang programs 
had to remove any existing DomainKeys signature or dk-filter would not 
sign the outbound email.

I am just about to start using dkim-filter in addition to dk-filter.  It is 
supported better.  They have released several updates this year.  It 
uses a configuration file.  It signs any email that you specify, 
independent of existing Headers. 

DKIM definitely is the preferred standard.

Jim