DKIM support for Postfix needs new Debian versions

Bug #159680 reported by Steven McCoy on 2007-11-03
Affects Status Importance Assigned to Milestone
amavisd-new (Ubuntu)
dkim-milter (Ubuntu)

Bug Description

Recommended packages by amavisd-new team recommend newer packages for dkim-filter and amavisd-new. Recommend at least for Hardy.

* use Postfix 2.3.12 or later, or 2.4.5 or later, or 2.5 (or later);
* amavisd-new 2.4.3 polished some corner issues on modifying mail header when releasing from a quarantine and defanging, and added some goodies affecting DKIM and DomainKeys to facilitate integration; version 2.5.2 (or later) is recommended;
* Mail::DKIM is very solid; use the latest version, currently 0.28;
* SpamAssassin 3.2.3 or later;
* At the time of writing the current version of dkim-milter is 2.3.2.

Related branches

Steven McCoy (fnjordy) wrote :

Both amavisd-new 2.5.2 and dkim-filter 2.3.2 are in Debian lenny and sid.

For DKIM verification Mail::DKIM 0.28 is also in Debian sid:

Scott Kitterman (kitterman) wrote :

Postfix and Spamassassin are already current in Gutsy and Hardy both.

Amavisd-new 2.5.2 is in Debian and already on my work list for Hardy.
DKIM-Milter/Filter just cleared the Debian New queue yesterday and is also on my list for merging.

libmail-dkim-perl is sync'ed from Debian unmodified and so will automaticallly stay up to date with Debian until Debian Import Freeze.

This early in the cycle bug reports like this are not particularly necessary. Near upstream version freeze/feature freeze reports like this can be important.

Steven McCoy (fnjordy) wrote :

I was wondering why the upstream updates didn't get into Gutsy. There were 6 updates to amavisd-new and 11 to dkim-milter that surprisingly didn't make it.


In Gutsy, amavisd-new and dkim-milter have the same version that Debian had
when we had the upstream version freeze.

I considered asking for a waiver for DKIM-Milter 2.0.2, but decided not to
because DKIM-Milter version 2 and higher do not support pre-RFC format
signature verification. At the time I made the decision, Google was still
using the pre-RFC format, so that seemed premature.

The dkim-base support in DKIM-Milter 1.2 is mature. DKIM-SSP is still being
developed and will change, so from a feature perspective it's not compelling
right now. The DKIM-Milter package in Gutsy also has a number of patches I
pulled back from later versions via Sourceforge, so should be robust and
useful for the 18 month life for Gutsy.

As it happens, the DKIM-Milter package for 2.0.2 had a grave flaw that would
have been extremely problematic had we released with it (which is why Debian
removed it from Lenny).

Changed in amavisd-new:
status: New → Fix Released
Changed in dkim-milter:
importance: Undecided → Wishlist
assignee: nobody → kitterman
status: New → In Progress
Scott Kitterman (kitterman) wrote :

dkim-milter (2.3.2.dfsg-1ubuntu1) hardy; urgency=low

  * Merge from Debian unstable (LP: #159680). Remaining Ubuntu changes:
    - Change default connection method from socket to localhost port 8891 in
      debian/dkim-filter.default for Postfix chroot compatibility
    - In debian/DEBIAN.Readme describe the changes in default configuration
      and Postfix configuration changes needed to use dkim-filter
    - Change maintainer to MOTU
    - Add test/install of pid dir to debian/dkim-filter.postinst to be safe
    - Change debian/rules and debian/control to add dpatch (No patches
      currently needed)

dkim-milter (2.3.2.dfsg-1) unstable; urgency=low

  * New upstream version
  * Since the filter can be used with more MTAs than just Sendmail,
    the short description has been reworded. Closes: #436922
  * libdkim-dev package section should be libdevel, not devel
  * Fixed another thinko in init script socket. Closes: #445145
  * Attempt to identify & clean up after stale socket files that
    can be left behind after an unclean exit
  * Rename libdkim2 and libdkim-dev to libsmdkim2 and libsmdkim-dev
    since there's already a libdkim0/libdkim-dev. The library and
    header files have also been moved to /usr/lib/libsmdkim and
    /usr/include/libsmdkim to prevent conflicts with the existing
  * Enable arlib resolver and DNS_UPGRADE feature

 -- Scott Kitterman <email address hidden> Sun, 04 Nov 2007 12:50:36 -0500

Changed in dkim-milter:
status: In Progress → Fix Released
Scott Kitterman (kitterman) wrote :

Updated dkim-milter is uploaded, but becuase the binary package names have changed they will got to the binary New queue and need to be reviewed by an archive admin before they are put in the archive.

Changed in dkim-milter:
assignee: kitterman → nobody
status: Fix Released → Fix Committed
Changed in dkim-milter:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers