again: 

ASSP uses the DKIM signature identity 

If you don't know what a DKIM signature identity is, how it is built, 
which DKIM tags and MIME header lines are used and how .....

from the dkimconfig.txt

...
Please read RFC 4871 or the documentation of the Perl module
Mail::DKIM ....


The latest RFC for DKIM is


RFC 6376 DKIM Signatures September 2011 


And don't bother me again with this!

Thomas





From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    26.03.2018 16:31
Subject: Re: [Assp-test] New DKIM Whilelisted Addresses Feature



I understand that, and I sense your frustration, but I'm obviously not 
understanding something. 

Thanks for the changes in 18085.  It looks like there's going to be some 
great enhancements to work with.  Every little bit helps, and these are 
some pretty big bits!  Thanks.

Still, I don't understand why validating DKIM only when it has an i= 
record is what we'd want.  Isn't d= signing without i= almost as useful?  
All the tests I've done with DKIM sent to other providers seem to 
indicate valid signatures even without the i=.

So why isn't ASSP coded to also consider the domain?  Why wouldn't we want 
it to?   Is d= not also a good way of showing that a message is really 
coming from the domain it claims to be?    Yes, i= identifies the specific 
address and is more granular, but as I understand it d= validates the 
domain generally which is useful.

Please hear me out by listening to this specific example.  There's lots 
more where this is a real world problem that could be solved as I see it 
by d= dkim validation.
Take authentication emails from Microsoft for example, where they are 
signed only with d=accountprotection.microsoft.com without an i= line.  
To be able to automatically NP these when we know the DKIM is valid would 
be invaluable.  It's exactly these types of emails that have a tendency to 
be erroneously tagged as spam.  Their body sounds a lot like the scam 
versions that are regularly intercepted.  It comes from the Office365 
service, so we can't senderbase allow that.  Scammers often send mail from 
the same account-security-nore...@accountprotection.microsoft.com address, 
so we can't whitelist that.  Even if we could magically pass it based on a 
SPF match alone, that wouldn't work because scammers could also send 
spoofed through the same set of Office365 public servers.

A d= DKIM signature shows that someone who controls the DKIM record 
provided a signing key to the server that sent this mail.  We know that 
these are always DKIM signed, but because ASSP ignores the valid d= (only) 
signature and only looks for i=, the signature in this example isn't 
validated.  I don't understand why validating d= as well wouldn't be the 
desired functionality.  

DKIM i= records are gold, but d= only records are pretty close to perfect 
too, so will you please reconsider changing ASSP to do so?



On Mon, Mar 26, 2018 at 2:18 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
again: 

ASSP uses the DKIM signature identity 

Thomas





From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    25.03.2018 19:04
Subject: Re: [Assp-test] New DKIM Whilelisted Addresses Feature



Is there a particular reason that ASSP can't also look to the d= tag? 

2 thoughts here: 
1) Unless I have something misconfigured, when ASSP sends DKIM signed mail 
it doesn't use an i= tag.  Shouldn't ASSP be accepting of that for 
incoming mail?

2) Doing a very unscientific review of various inbound messages, of those 
that are DKIM signed, less than 25% seem to have the identity tag.  They 
all obviously have the d= tag.     Sure, i= is great, but if most have 
only the d= tag, why aren't we taking that into account?  The Perl module 
seems to support it.  If the signature validates using the d=, shouldn't 
we treat this as validated?  I must not be understanding something. 



On Sun, Mar 25, 2018 at 4:57 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: 
ASSP uses the DKIM signature identity, which is mostly the i= tag. DKIM 
signatures without an identity are invalid. The i= tag is only one way (of 
multiple) to define a DKIM identity.

Thomas 



From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    24.03.2018 15:26
Subject: Re: [Assp-test] New DKIM Whilelisted Addresses Feature



The gui says that these 2 new features check the i= line.  Lots of 
messages I'm seeing only have the d= entry (including mail sent through 
other ASSP servers).  Could we check that as well? 

On Tue, Mar 20, 2018 at 2:48 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: 
>let people know that senderbase matches will be put in okay mail (not in notspam) 

Collecting HAM is done flag (no flag, whitelisted, noprocessing) based and 
like configured. 

Thomas





From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    19.03.2018 14:55
Subject: Re: [Assp-test] New DKIM Whilelisted Addresses Feature



Sorry for the multiple messages on this, but thanks as always for the 
update! 

When I read "the mail will be processed as whitelisted" I got worried that 
it would be treated exactly as whitelisted, which could mean added to the 
whitelist itself.  So, based on your note, I'd suggest changing the 
description of DKIMWLAddresses from 
If a valid DKIM or DomainKey signature is found and the signature identity 
tag (i=u...@domain.tld) matches any of these addresses, the mail will be 
processed as Whitelisted. 
to 
If a valid DKIM or DomainKey signature is found and the signature identity 
tag (i=u...@domain.tld) matches any of these addresses, the mail will be 
passed and saved as if it were Whitelisted. The message will pass all 
filters and will be added to the notspam corpus just like mail from a 
whitelisted sender would be.  Unlike a true whitelisted sender, no 
whitelist address additions will be made   

Also, maybe put something in the SenderBase section to let people know 
that senderbase matches will be put in okay mail (not in notspam) and that 
people might also consider the DKIMWLAddresses to add to the notspam 
corpus if there's a DKIM match? 





On Mon, Mar 19, 2018 at 3:24 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: 
>will this actually add the other non-local addresses to the whitelist itself based on the NotGreedyWhitelist setting? 

No. 

Thomas





From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    18.03.2018 20:34
Subject: Re: [Assp-test] New DKIM Whilelisted Addresses Feature




SORRY, -  I meant to kill the last message and start over, but hit send 
inadvertently. 

Thanks again for implementing this. 

If there's a match in the DKIM Whitelisted Addresses file will this 
actually add the other non-local addresses to the whitelist itself based 
on the NotGreedyWhitelist setting?   I hope not.   If so, can we get 
another file option like DKIMTreatAsNotSpamAddresses which would treat the 
message as if it were whitelisted in terms of letting the message through 
and storing it in notspam, but not actually whitelisting the from and 
other addresses? 



On Sun, Mar 18, 2018 at 2:22 PM, K Post <nntp.p...@gmail.com> wrote: 

Thanks again for implementing this. 

Question, if I have something like 
u...@domain.tld 
in the DKIMWLAddresses file 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot 
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test





DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
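
Added example (not part of this thread, and not ASSP or Mail::DKIM code): RFC 6376, cited above, lets a signature omit i=, in which case the identity defaults to "@" followed by the d= domain. The sketch below derives that identity from a DKIM-Signature header value and matches it against a list entry. It assumes the signature was already verified cryptographically; `matches_entry` and its entry syntax are hypothetical, not the DKIMWLAddresses format.

```python
import re

def parse_tag_list(value):
    """Parse a DKIM-Signature tag=value list (RFC 6376, section 3.2)."""
    tags = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    for part in unfolded.split(";"):
        if "=" not in part:
            continue  # trailing ";" or empty element
        name, val = part.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: " + name)
        tags[name] = val.strip()
    return tags

def signature_identity(value):
    """Return (SDID, AUID); a missing i= defaults to "@" + d= (section 3.5).

    Simplification: the i= local part is not dkim-quoted-printable decoded.
    """
    tags = parse_tag_list(value)
    sdid = tags.get("d", "").lower()
    if not sdid:
        raise ValueError("d= tag is required")
    auid = tags.get("i", "@" + sdid)
    if "@" not in auid:
        raise ValueError("i= must contain '@'")
    local, _, domain = auid.rpartition("@")
    domain = domain.lower()
    # The i= domain must equal d= or be a subdomain of it.
    if domain != sdid and not domain.endswith("." + sdid):
        raise ValueError("i= domain is outside d=")
    return sdid, local + "@" + domain

def matches_entry(auid, entry):
    """Hypothetical list rule: "@domain" matches any identity in that domain,
    "user@domain" matches only that exact identity."""
    auid, entry = auid.lower(), entry.lower()
    if entry.startswith("@"):
        return auid.endswith(entry)
    return auid == entry

# Constructed samples: selectors and PLACEHOLDER values are not real.
D_ONLY = ("v=1; a=rsa-sha256; d=accountprotection.microsoft.com;\r\n"
          "\ts=example; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
WITH_I = ("v=1; a=rsa-sha256; d=example.com; i=user@mail.example.com; "
          "s=example; h=from; bh=PLACEHOLDER; b=PLACEHOLDER")
BAD_I = "v=1; d=example.com; i=user@example.net; s=example; b=PLACEHOLDER"
```

A d=-only signature yields the identity `@accountprotection.microsoft.com`, so under this rule it can satisfy a domain-level entry but never an entry that names a specific mailbox.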

