Hi Gary,
My intent, which I articulated in another email on the list and instead
of reinventing the wheel, was exactly as you deduced in your email, that
is, to allow spamassassin to score DKIM which it does; however, I have
not done anything as far as a tailoring configuration for QMT and was
content to allow users that scoring decision. My goal is to drop the
specially created QMT spamassassin (and clamav) rpm, which I've done in
CentOS 8, and use the stock rpm from EPEL.
I think you can override default scoring for DKIM in
/etc/spamassassin/local.cf on COS7 and /etc/mail/spamassassin/local.cf
on COS8.
Eric
On 6/2/2020 8:09 AM, Gary Bowling wrote:
What is everyone doing these days for DKIM verification, i.e. checking
incoming mail for DKIM signatures?
Background
Many years ago, when DKIM was first introduced to the toaster (maybe
it was even in the Shupp's toaster days), I installed and turned on
incoming DKIM verification. Initially I set it to "reject" unsigned
email and of course that was a disaster as it blocked most everything.
Back then, the choice was to have it verify emails, but not block
them, or remove verification. I made the decision that checking
without doing anything was a waste of resources, so I removed any DKIM
verification. I don't remember how I did all this, as it was years ago.
Then at some point DKIM verification was added to spamassassin, or
maybe it was always there but we didn't implement the plugin. At any
rate, spamassassin DKIM verification was added to the toaster.
Which seems like a good thing as spamassassin can assign a score to
DKIM verification which plays into whether a msg is marked as spam or
not. The problem with it though, is the score for NOT being verified
is very low, something like .01, which essentially does nothing. I
can't find any "user" added parameter that would increase that score
and don't really know if that's a good thing to try to do. If it were
a good thing, I would think it would be a commonly used setting, which
doesn't appear to be the case.
What to do in 2020?
So the question is, what to do about DKIM verification in 2020? From
the way my server is configured it appears to be useless. But maybe
that's because I don't know how to best configure it.
Side Note
On a side note, I do use outbound DKIM and have DNS set up, etc. I
have no idea if this is useful or not, but I'll leave it, hoping that
somehow this reduces my probability of being rejected by some server
out there. But from what I can tell, it really does nothing. Seems to
me DKIM is nothing more than an exercise in futility and extra work
for postmasters :)
--
____________________
Gary Bowling
The Moderns on Spotify <https://distrokid.com/hyperfollow/themoderns/bbrs>
____________________
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com