
Russell Coker <russell@coker.com.au> wrote:
> I use opendkim to check DKIM and also sign outbound messages. In almost all cases the program that signs messages will also check messages - assuming you use the same server for inbound and outbound mail.

I'm using opendkim as well (in both directions, naturally).

> I use the Debian package postfix-policyd-spf-perl for SPF checks.

Thanks - I'll look at it.

> I think that SpamAssassin does SPF checks by default and you can also configure it to use DKIM check results to add to the score (if you don't want to just reject mail that fails DKIM).

Another interesting option reviewed by lwn.net earlier in the year is rspamd - designed to be more modular than SpamAssassin. It's on my list of tools to investigate.

> Most mailing lists break SPF and DKIM so a reject will cause you some problems if you use many lists.

I do, but quarantine would have a similar effect (some of my mailing list posts would enter recipients' spam folders).

> That's only if the header is modified for the mail to be "from" the list. Doing that requires a recent version of Mailman (in this case Debian/Jessie not Debian/Wheezy) and being willing to turn it on.

I hope more mailing list administrators upgrade and enable such options. The combination of DKIM, SPF and DMARC has the potential to provide a much increased ability to discern legitimate messages and to deal with the remainder appropriately.