Whitelisting based on [internal] DKIM

[DynFi User]

Handling some complex scenarios and would like to know if It is possible to set a rule that will whitelist internal transfered e-mail based on [internal] DKIM signature.

E-mail would be first signed by an internal MTA, before being delivered to PMG, and we would need to:

1. whitelist based on DKIM signature
2. remove header with DKIM signature
3. sign with the proper key
4. transfer for delivery

Can I do that with existing tools in PMG ?

 

[Stoiko Ivanov]

whitelist based on DKIM signature

This is not really possible by just using the GUI - you can approximate that by setting a very high negative score on the DKIM_VALID rules in spamassassin - use custom score. - However keep in mind that the SpamAssassin configuration is the same for inbound and outbound mails - so that might not be the best idea

remove header with DKIM signature

completely removing a header is not possible - you can just change it's value with a modify field action

1. sign with the proper key
2. transfer for delivery

This is built-in with the DKIM-signer of PMG - the mails get signed after passing through the rule system

Additionally - your DNS server needs to return the DKIM-Key to your PMG upon request (i.e. you might need some kind of split-DNS setup)

I hope this helps!