Hi Jan,
Thanks for your comments... I realised this is going OT but... > It looks like you are rejecting mail based on an invalid DKIM signature. > You shouldn't do that, sourcefire.com doesn't even list an ADSP policy. I see what you mean, _adsp._domainkey.sourcefire.com doesn't exist. > But even if it did, you should still whitelist mails coming from known > mailinglists, because mailinglists tend to always break DKIM signatures of > the original sender, because of modifications to subject and body of the e- > mail. I've love to but opendkim doesn't appear (on first glance) to have the ability to do that. Will look into that. > But rejecting on a bad DKIM signature alone is simply not someone should > ever do. (If you're really keen to delete mails based on DKIM signatures, > look at DMARC instead: www.dmarc.org. That still doesn't deal with > mailinglist mails though, DMARC is aimed at large phishing-sensitive > senders like paypal or BoA) Just to clarifiy, are you suggesting that rejecting a DKIM signed email from a domain with a ADSP record of "dkim=discardable" still shoulnd't be rejected? Steve -------- Original Message -------- Subject: Re: [clamav-users] confirm fc348079837XXXXXXXXXXXXXXXXXXXXXXXXb8a2a7 (20-Nov-2012 10:57) From: Jan-Pieter Cornet <[email protected]> To: [email protected] > On 2012-11-16 10:23 , Steve Scotter wrote: > > I've had four of these in the last couple of months but hadn't had much > > time to look into it until today. Having checked my mail logs for 'clamav. > > net' I found an entry. > > > > 2012-11-15 21:57:26 mail info postfix/cleanup[63281] 4BBB21ABD25: > > milter- > > reject: END-OF-MESSAGE from ds049.xs4all.nl[194.109.142.194]: 5.7.0 bad > > DKIM signature data; from=<[email protected]> to=< > > XXXXXXXXXXXXXXXXXXXXXXXXXXX> proto=ESMTP helo=<tad.clamav.net> > > > > Searching for 4BBB21ABD25 revealved ... > > > > 2012-11-15T21:57:26.000+00:00 crimson opendkim[90753]: 4BBB21ABD25: ds049. > > xs4all.nl [194.109.142.194] not internal > > 2012-11-15T21:57:26.000+00:00 crimson opendkim[90753]: 4BBB21ABD25: not > > authenticated > > 2012-11-15T21:57:26.000+00:00 crimson opendkim[90753]: 4BBB21ABD25: s= > > google d=sourcefire.com SSL error:04077068:rsa routines:RSA_verify:bad > > signature > > 2012-11-15T21:57:26.000+00:00 crimson opendkim[90753]: 4BBB21ABD25: bad > > signature data > > > > Any ideas? > > It looks like you are rejecting mail based on an invalid DKIM signature. > You shouldn't do that, sourcefire.com doesn't even list an ADSP policy. > > But even if it did, you should still whitelist mails coming from known > mailinglists, because mailinglists tend to always break DKIM signatures of > the original sender, because of modifications to subject and body of the e- > mail. > > But rejecting on a bad DKIM signature alone is simply not someone should > ever do. (If you're really keen to delete mails based on DKIM signatures, > look at DMARC instead: www.dmarc.org. That still doesn't deal with > mailinglist mails though, DMARC is aimed at large phishing-sensitive > senders like paypal or BoA) > > -- > Jan-Pieter Cornet <[email protected]> > Systeembeheer XS4ALL Internet bv > Internet: www.xs4all.nl > Contact: www.xs4all.nl/contact > To: [email protected] [email protected] Cc: [email protected] DISCLAIMER This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the authors prior permission. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses. The information contained in this communication may be confidential and may be subject to the attorney-client privilege. If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
