amavisd-new 2.7.1 , dkim-adsp=pass

Steve steeeeeveee at
Wed May 23 19:59:23 CEST 2012

-------- Original-Nachricht --------
> Datum: Wed, 23 May 2012 18:39:02 +0200
> Von: Mark Martinec <Mark.Martinec+amavis at>
> An: amavis-users at
> Betreff: Re: amavisd-new 2.7.1 , dkim-adsp=pass

> Steve,

> > While having your attention, might I ask you another DKIM related
> question?
> > What happens if a sender has DKIM and has signed his/her subject line?
> > Does amavis take care of that or will it prefix the subject with
> SPAM/Not
> > Checked/etc entries and break DKIM?
> If you have it configured to modify a Subject, it will do so regardless
> of whether this header field was signed or not. And yes, this will break
> subsequent DKIM tests, so it is prudent to tag a subject close to a final
> delivery, where no further sw components will be re-examining the
> signature.
this was not exactly my question. My question is more going in this direction:

* Domain A sings all their outbound mail with DKIM.
* User form domain A sends mail to Domain B.
* Mail server running at domain B uses amavisd-new to verify signatures and uses SA within amavisd-new.
* The SA code thinks that the message from domain A is spam and the subject gets rewritten.
* Domain A however sings their subject.

Result is that DKIM is broken after the subject has been tagged. Right?

> Note that Subject tagging is only done for local recipients, so outgoing
> signed mail will not be affected.
> > Well... I think we should not go into discussion about that but IMHO
> good
> > written C code usually beats good written Perl code.
> Stress on 'good'.
Ohhh... Mark. I do coding since ages and no language magically makes code fly. I am for sure not one of those guys claiming that everything written in Assembler is faster than C and everything written in C is faster than Java/Perl/Ruby/you name it.

That 'good' is the key! I have seen synthetic benchmarks where one specific task was faster processed with a Java code than the same task compiled with a certain C compiler.

Something being written in C does not automatically makes it faster than code written in Perl.

> Incidently, benchmarking of DKIM signature verification
> in a perl module Mail::DKIM (as used by amavisd and SpamAssassin) revealed
> that the pure-perl version can canonicalize a message and verify a
> signature
> faster than Mail::OpenDKIM, which uses a C library of OpenDKIM underneath.
> The reason is that the Perl implementation deals with large chunks of text
> in one operation, where the OpenDKIM lost precious time in its chain of
> subroutine calls, passing around small pieces of text.
Well... then those guys at OpenDKIM have potential in making their software faster :)

Anyway... good to see that Mail::DKIM can be faster than another package using the C library of OpenDKIM.

>   Mark

NEU: FreePhone 3-fach-Flat mit kostenlosem Smartphone!                                  
Jetzt informieren:

More information about the amavis-users mailing list