NAME

Mail::SpamAssassin::Plugin::DomainKeys - perform DomainKeys verification tests

SYNOPSIS

 loadplugin Mail::SpamAssassin::Plugin::DomainKeys [/path/to/DomainKeys.pm]

 full DOMAINKEY_DOMAIN eval:check_domainkeys_verified()

DESCRIPTION

This is the DomainKeys plugin and it needs lots more documentation.

USER SETTINGS

domainkeys_timeout n (default: 5)

How many seconds to wait for a DomainKeys query to complete, before scanning continues without the DomainKeys result.

whitelist_from_dk add@ress.com [signing domain name]

Use this to supplement the whitelist_from addresses with a check to make sure the message has been signed by a DomainKeys signature that can be verified against the From: domain's DomainKeys public key.

In order to support signing domain names that differ from the address domain name, only one whitelist entry is allowed per line, exactly like whitelist_from_rcvd. Multiple whitelist_from_dk lines are allowed. File-glob style meta characters are allowed for the From: address, just like with whitelist_from_rcvd. The optional signing domain name parameter must match from the right-most side, also like in whitelist_from_rcvd.

If no signing domain name parameter is specified the domain of the address parameter specified will be used instead.

The From: address is obtained from a signed part of the message (ie. the "From:" header), not from envelope data that is possible to forge.

Since this whitelist requires a DomainKeys check to be made, network tests must be enabled.

Examples:

  whitelist_from_dk joe@example.com
  whitelist_from_dk *@corp.example.com

  whitelist_from_dk bob@it.example.net  example.net
  whitelist_from_dk *@eng.example.net   example.net

def_whitelist_from_dk add@ress.com [signing domain name]

Same as whitelist_from_dk, but used for the default whitelist entries in the SpamAssassin distribution. The whitelist score is lower, because these are often targets for spammer spoofing.