2013/09/07

SPF and DKIM for anti-spam

Oh my God, this is the first time I have successfully made Sendmail work with DKIM for outgoing and SPF verification for incoming emails. Hey, HSBC and Citibank do not use DKIM for anti-phishing even though they send email notices to customers. In short, I am doing better than the two banks.

For DKIM, the process, as far as I can recall, is:

1.      Generate a key pair under the designated path /etc/mail/dkim-milter/keys, specifying a selector (e.g. sept2013, my-dkim etc.)
2.      Extract the public key for publishing as a DNS TXT record
3.      Edit keylists to tell which public keys are to be included and for what domain
4.      Edit sendmail.mc to add:
         INPUT_MAIL_FILTER(`dkim-filter', `S=local:/var/run/dkim-milter/dkim-milter.sock')
5.      Recompile sendmail.mc to sendmail.cf with m4
6.      Start up dkim-milter
7.      Restart sendmail

The benefits are twofold. My emails can be verified by other DKIM-enabled SMTP servers for source authentication, and the signature guarantees that no tampering occurred during end-to-end delivery. The same can be done on my server.

The public key can be found by:

# dig -t txt sept2013._domainkey.i3way.net
;; ANSWER SECTION:
sept2013._domainkey.i3way.net. 3600 IN  TXT     "v=DKIM1\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDq8KAvkv66AOeWd3UnpR74kDcIS4dkL8xR8wzzHUTvrrJR9l3B+X5wTZkHctfhjKHBmZg+W7MZW1b5O4SHI/n3FbqJ+6MK5jxHyx02Q6HSTtaYXjzalE3K0zgy4DRN7n/iYvRgS99OJw6LrKDcnzfRuO554G68aRgd32yflw+DQIDAQAB"
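
As an added example (not part of the original post), this Python code parses the TXT record from the dig answer above and reads the RSA modulus size out of the p= value using only the standard library. The function names and the 2048-bit threshold (min_bits) are this example's assumptions; RFC 8301 recommends that signers use keys of at least 2048 bits.

```python
import base64

# TXT record copied from the dig answer above, escaped semicolons included.
RECORD = r"v=DKIM1\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDq8KAvkv66AOeWd3UnpR74kDcIS4dkL8xR8wzzHUTvrrJR9l3B+X5wTZkHctfhjKHBmZg+W7MZW1b5O4SHI/n3FbqJ+6MK5jxHyx02Q6HSTtaYXjzalE3K0zgy4DRN7n/iYvRgS99OJw6LrKDcnzfRuO554G68aRgd32yflw+DQIDAQAB"

def parse_tags(txt):
    """Split a DKIM key record into a dict of tag -> value."""
    tags = {}
    for part in txt.replace("\\;", ";").split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def read_tlv(buf, pos):
    """Read one DER element at pos: return (tag, value bytes, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_key_info(p_value):
    """Return (modulus bits, public exponent) for the base64 key in p=."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = read_tlv(der, 0)        # SubjectPublicKeyInfo SEQUENCE
    _, _, pos = read_tlv(spki, 0)        # AlgorithmIdentifier, skipped
    tag, bits, _ = read_tlv(spki, pos)   # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = read_tlv(bits, 1)        # skip the unused-bits byte
    _, modulus, pos = read_tlv(rsa, 0)
    _, exponent, _ = read_tlv(rsa, pos)
    return int.from_bytes(modulus, "big").bit_length(), int.from_bytes(exponent, "big")

def audit(txt, min_bits=2048):  # min_bits is this example's threshold, an assumption
    """Return (modulus bits, list of findings) for one DKIM key record."""
    tags, findings = parse_tags(txt), []
    if tags.get("v") != "DKIM1":
        findings.append("v= is not DKIM1")
    if "g" in tags:
        findings.append("g= tag is obsolete since RFC 6376")
    if not tags.get("p"):
        return 0, findings + ["missing or empty p=: key revoked or unusable"]
    if tags.get("k", "rsa") != "rsa":
        return 0, findings + ["non-RSA key, size check skipped"]
    bits, _ = rsa_key_info(tags["p"])
    if bits < min_bits:
        findings.append(f"RSA modulus is {bits} bits, below {min_bits}")
    return bits, findings
```

Calling audit(RECORD) returns the key size together with the findings for the record shown above.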


I forgot to mention that the RSA key pair has no expiry.  I can use it for signing emails forever.



