amavisd-new 2.7.1 , dkim-adsp=pass

Steve steeeeeveee at gmx.net
Wed May 23 19:59:23 CEST 2012 

-------- Original-Nachricht --------
> Datum: Wed, 23 May 2012 18:39:02 +0200
> Von: Mark Martinec <Mark.Martinec+amavis at ijs.si>
> An: amavis-users at amavis.org
> Betreff: Re: amavisd-new 2.7.1 , dkim-adsp=pass

> Steve,
> 
Mark,


> > While having your attention, might I ask you another DKIM related
> question?
> > What happens if a sender has DKIM and has signed his/her subject line?
> > Does amavis take care of that or will it prefix the subject with
> SPAM/Not
> > Checked/etc entries and break DKIM?
> 
> If you have it configured to modify a Subject, it will do so regardless
> of whether this header field was signed or not. And yes, this will break
> subsequent DKIM tests, so it is prudent to tag a subject close to a final
> delivery, where no further sw components will be re-examining the
> signature.
> 
this was not exactly my question. My question is more going in this direction:

* Domain A sings all their outbound mail with DKIM.
* User form domain A sends mail to Domain B.
* Mail server running at domain B uses amavisd-new to verify signatures and uses SA within amavisd-new.
* The SA code thinks that the message from domain A is spam and the subject gets rewritten.
* Domain A however sings their subject.

Result is that DKIM is broken after the subject has been tagged. Right?


> Note that Subject tagging is only done for local recipients, so outgoing
> signed mail will not be affected.
> 
> > Well... I think we should not go into discussion about that but IMHO
> good
> > written C code usually beats good written Perl code.
> 
> Stress on 'good'.
> 
Ohhh... Mark. I do coding since ages and no language magically makes code fly. I am for sure not one of those guys claiming that everything written in Assembler is faster than C and everything written in C is faster than Java/Perl/Ruby/you name it.

That 'good' is the key! I have seen synthetic benchmarks where one specific task was faster processed with a Java code than the same task compiled with a certain C compiler.

Something being written in C does not automatically makes it faster than code written in Perl.


> Incidently, benchmarking of DKIM signature verification
> in a perl module Mail::DKIM (as used by amavisd and SpamAssassin) revealed
> that the pure-perl version can canonicalize a message and verify a
> signature
> faster than Mail::OpenDKIM, which uses a C library of OpenDKIM underneath.
> The reason is that the Perl implementation deals with large chunks of text
> in one operation, where the OpenDKIM lost precious time in its chain of
> subroutine calls, passing around small pieces of text.
> 
Well... then those guys at OpenDKIM have potential in making their software faster :)

Anyway... good to see that Mail::DKIM can be faster than another package using the C library of OpenDKIM.


>   Mark

-- 
NEU: FreePhone 3-fach-Flat mit kostenlosem Smartphone!                                  
Jetzt informieren: http://mobile.1und1.de/?ac=OM.PW.PW003K20328T7073a

More information about the amavis-users mailing list