> > I think the hour or less it would take to replace dkimproxy with > OpenDKIM would be well spent. > > A big +1 on this. I wrestled with DKIM-Proxy for a couple of afternoons before stumbling upon OpenDKIM. I had it up and running and playing nicely with Amavis-new in under an hour.
The following isn't one of my normal walkthrough HowTo blog posts, but it does contain some notes I wrote to myself about things to consider when deploying OpenDKIM with Amavis-new. I've also got additional stuff there detailing how to configure OpenDKIM, too (disclosure: I'm the maintainer of the Fedora / EPEL OpenDKIM package). The OpenDKIM developer announced the newest beta yesterday, including "An experimental implementation of a DKIM-based reputation system is present, and support for it as a reputation client (in the filter) and as a server are present in the package." The main reason I'm a fan of using OpenDKIM over Amavis-new's for signing is that OpenDKIM keeps pace more rapidly with changes to the DKIM standards, and is looking forward to reputation-based decision making based on DKIM signatures. Most Postfix admins could get OpenDKIM up and running on their lunch break, and still have time to eat. :) SteveJ
