-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Monday, March 11 at 09:50 PM, quoth Vahid Moghaddasi:
> I am using a Perl script for DKIM signing of our mass e-mail
> broadcast which of course take more CPU time than I would want to,
> and now there is DMARC http://www.dmarc.org/ authentication method
> that we need to use for many dmains. My question is, how do I
> incorporate DMARC into qmail? Also, what DKIM program is preffered
> to use with qmail. Thanks,
DMARC isn't a new authentication method. If you look at the "Overview"
page of the site you sent, at the bottom, they have the 5 steps
necessary to deploy DMARC. The first two are to ensure you have DKIM
and SPF working (which you've already done). The third is to publish a
DNS record (which has nothing to do with qmail). The fourth is to
analyze the data reports you get back from recipients as part of the
DMARC program (which has nothing to do with qmail). And the fifth is
to update your DMARC policy flags in DNS as necessary (which has
nothing to do with qmail). So, unless you know something I don't, it
doesn't look like you need to do anything with qmail to employ DMARC.
Now, as far as what DKIM program is preferred to use with qmail...
qmail isn't quite so centralized as all that. There are several
different options, and the preference over which to use is largely up
to the fellow setting it up (i.e. you). I wrote one wrapper script in
perl (maybe it's the one you're using), and I believe there are
others. It's possible that using a patch (such as the ones from
Brandon Turner or Manvendra Bhangui or Mihai Secasiu) will provide you
better performance than a Perl-based wrapper, but, in my opinion, the
overhead of using a perl script is probably insignificant: the fact
that you're computing a cryptographic hash of *every* message is the
real CPU eater. However, CPU cycles are pretty cheap these days,
especially compared to I/O (i.e. the cost of sending the email out
over the network). I'm curious what problems you've experienced as a
result of the CPU overhead of signing your outbound messages.
~Kyle
- --
Our lives begin to end the day we become silent about things that
matter.
-- Martin Luther King Jr.
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!
iQIcBAEBCAAGBQJRPynQAAoJECuveozR/AWe0d0P/2LMCKGAbe3sIQanx4taj9rz
afVQ2+EqMrCT7QxDnKq/gmhvBTtO3i6Jr1jEegUPDICEtKIdjHO1xAyTY5l6dd/W
G2BwZ060MKnq3q+Ua3G1tBKExxJDhzZYqMHaW0JTdWlP0aG0mfBezNAlZb+NMsFi
qX7x+ZmgAFOZpFNTET4MjzryixLvVtaRxVu/eDluLjaJyk7GT5rEBVseWRXovNfD
4IEhU0Bc9UCr3JXh/aXGhgEYFNhspoq5AQEFNQcR9zS4Xf8t0PCITJ3H7BnMmTHN
AwdECrdG7vBFcrHBxhfrwkSIfCykct43fOaq5zigMkdeBTIELBYgh8Yow4AWvp/k
O9lJnzgMre+0Fp+mPFDRKRi97miTPt+zbaE9uEz+65GteINf3zGnbY5E5/3HKwUi
vhxK60m6bwhVJefA/Roc4WsXJeFIZY3NnfafN62FtRp0djBqb6pvfrWt3mYcQmLK
CDRv/iLalCZUfBE7rHgVo1afajCiSM8g+Ib7UNL5c8lt85hX5uWpqlQj7yG7c5rg
JbRmlfRdh693JeHzdUh4ckp7hBbIsCYaWS1HLOc12tSp7gJMmjueYg292mCF1Wmu
l5HwF4cp9ApBTMSHYH1d6SWCnrOhkp2yjBCOh2in4Odz/MVvo8miUYJfRqclCfS8
kNsUdjhPjHKOes86s8Xp
=8HSh
-----END PGP SIGNATURE-----