Jason White jason at
Thu Dec 24 13:00:35 AEDT 2015

Russell Coker <russell at> wrote:
> I use opendkim to check DKIM and also sign outbound messages.  In almost all 
> cases the program that signs messages will also check messages - assuming you 
> use the same server for inbound and outbound mail.

I'm using opendkim as well (in both directions, naturally).

> I use the Debian package postfix-policyd-spf-perl for SPF checks.

Thanks - I'll look at it.
> I think that SpamAssassin does SPF checks by default and you can also configure 
> it to use DKIM check results to add to the score (if you don't want to just 
> reject mail that fails DKIM).

Another interesting option reviewed by earlier in the year is rspamd -
designed to be more modular than Spamassassin.

It's on my list of tools to investigate.
> Most mailing lists break SPF and DKIM so a reject will cause you some problems 
> if you use many lists.

I do, but quarantine would have a similar effect (some of my mailing list
posts would enter recipients' spam folders).
> That's only if the header is modified for the mail to be "from" the list.  
> Doing that requires a recent version of Mailman (in this case Debian/Jessie 
> not Debian/Wheezy) and being willing to turn it on.

I hope more mailing list administrators upgrade and enable such options. The
combination of DKIM, SPF and DMARC has the potential to provide a much
increased ability to discern legitimate messages and to deal with the
remainder appropriately.

More information about the luv-main mailing list