On Thu, Mar 3, 2011 at 2:59 AM, Mark Martinec <Mark.Martinec+dkim_at_ijs.si> wrote:
>> I would use on, or the other, of OpenDKIM and Amavis, to handle
>> the DKIM tasks, but not both, nor would I use a mix of them.
>
> Agreed, use one or the other: if amavisd (and SpamAssassin) is already
> in use, then use its DKIM capabilities, otherwise go for OpenDKIM.
> OpenDKIM is better geared towards sendmail (but works with Postfix too),
> while amavisd is better geared towards Postfix (but works with sendmail too).
After reading the DKIM section of the Amavis docs yesterday and
tinkering a bit yesterday and this morning (trying to sign and/or
verify with OpenDKIM, Amavis, and SA), I've decided:
1) I like OpenDKIM signing my outgoing messages. OpenDKIM's config was
way easier than Amavis, because I couldn't get Amavis to sign a
message after tinkering with it for 10 minutes, which is 5 minutes
longer than it took me to sign my first message the first time I tried
OpenDKIM. :)
2) I like SpamAssassin scoring incoming messages based on their DKIM
signatures (or lack thereof), ADSP policies, and some whitelisting (as
put forth in the aforementioned Amavis docs). I can use SA's local.cf
file to set up whatever scoring preferences I want.
3) I like Amavis enforcing policies on incoming messages based on
their SA score (since it's already doing policy enforcement anyway for
ClamAV and SA).
> Running both is possible, but there is no need to complicate one's life.
Yes, it's possible - and it really wasn't that complicated! :)
SteveJ
Received on Thu Mar 03 2011 - 16:56:05 PST
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sun May 15 2011 - 15:58:21 PST