On Mon, Apr 12, 2010 at 05:45:22PM +0000, Vernon Schryver wrote: > > From: Gary Mills <[email protected]> > > > With the `--with-domainkeys' > > configure option, it too produces the two headers: > > > > Authentication-Results: setup01.cc.umanitoba.ca; dkim=pass (1024-bit > > key) > > [email protected]; dkim-adsp=pass > > Authentication-Results: setup01.cc.umanitoba.ca; domainkeys=pass > > (testing) [email protected] > > I'm uncertain what "work" means in this case. However, > - if neither of the two separate headers nor the combined DK and DKIM header > change for a given SMTP client (mail sender), > - and if no mail from any other SMTP client has any or all of the > same headers, > -and if all three (two individuals and one combined) are in > /var/dcc/whiteclnt, > > then all mail from that SMTP client will be whitelisted by dccm and dccifd, > and no mail from any other SMTP client will be affected by those > whiteclnt entries.
I suppose I meant which would be the most convenient and manageable way to whitelist messages. The milter will ensure that only it can add those headers, and that they contain a unique domain name or e-mail address. Having two individual headers would be a problem because it would require me to list both of them in the client whitelist file. Otherwise, my existing whitelist entries for DKIM only would stop working. I'd prefer to be able to tell the milter to add only the DKIM header if that signing was used, or add only the DK header if DK signing was used. Putting them both in one header seems peculiar to me. What happens if one succeeds and the other fails? It's really a matter of communication between the sendmail milter and the DCC client. I'd like to see this kept as simple as possible. If the milter could state ``this message is authenticated for this sender'' in a reliable way, wouldn't that be sufficient for whitelisting? -- -Gary Mills- -Unix Group- -Computer and Network Services- _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
