
DKIM / DomainKey with Thunderbird

It seems almost impossible to sign outgoing emails with DKIM / DomainKey. I have spent a couple of hours trying, and did not succeed.
There are no extensions for doing this, and there is no straightforward way to do this.
I want to know if it's possible at all, and if so, how to do it?
  • There is not, and should not be, a way to sign mails with DKIM inside a client. DKIM signing must be done in the MTA (mail transfer agent), aka the mailserver of your provider.

    Remember you not only have to sign, you also have to publish the public key through DNS.
    • Yes, the whole point of DKIM is not verification of the sending person but verification of the sending PARTY.

      That way you know that an email claiming to be from voidspace.org.uk. really did originate from that domain (whether compromised or not) and was not spoofed by a third-party.
    • How can DKIM possibly provide that guarantee, Anand? The only thing it can guarantee you is that the person who sent them had some form of access to the private key, be it direct or by knowing the SMTP password or whatever.

      Not implementing this in Thunderbird does not affect the security of DKIM as such.

  • You need both: access to the DNS TXT record and access to the mailserver setup - with postfix: mail.cf

    The public key, generated with a keygen tool (description for Debian/Ubuntu here):

    http://askubuntu.com/questions/134725...

    is set up at the TXT record either of your domain name or your MX record.

    The private key is kept secret on your server (limited access to users) and is used to generate a single key which can be checked at the recipient side against the public key. (result: pass - not passed)

    It is not difficult - but needs some experience in setting up a mailserver.

    For the other way round a "milter" is required - I suggest the use of milter-manager.

    http://milter-manager.sourceforge.net...

    This needs more experience as the milter process has to be fully understood.
    Also the way local ports are used to pass the data to another process and back to the mailserver (postfix) needs to be understood, otherwise the mail gets stuck.

    To check unprocessed / the success of filtering mail I use webmin ..

    Finally: also spamassassin can "learn" to filter out DKIM signed mail with a wrong key phrase.

    http://o-o-s.de/2009-01-11/spamssassi...

    That is the most elegant way: so a false / faked phrase would receive the subject text SPAM.

    Hint: to run a successful mailserver you need a static IP + an rDNS entry which is according to your MX record.