https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7559
--- Comment #5 from RW <[email protected]> ---
(In reply to Bill Cole from comment #4)

> Verifier policies may use the
> length of the signing key as one metric for determining whether a
> signature is acceptable.

Which is controlled in the DKIM plugin by

  dkim_minimum_key_bits n (default: 1024)
    The smallest size of a signing key (in bits) for a valid signature to
    be considered for whitelisting. Additionally, the eval function
    check_dkim_valid() will return false on short keys when called with
    explicitly listed domains, and the eval function
    check_dkim_valid_author_sig() will return false on short keys
    (regardless of its arguments). Setting the option to 0 disables a key
    size check.

    Note that the option has no effect when the eval function
    check_dkim_valid() is called with no arguments (like in a rule
    DKIM_VALID). A mere presence of some valid signature on a message has
    no reputational value (without being associated with a particular
    domain), regardless of its key size - anyone can prepend its own
    signature on a copy of some third party mail and re-send it, which
    makes it no more trustworthy than without such signature. This is also
    a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule
    hit is only informational.

The bug is reporting documented intentional behaviour. I don't see any reason
not to close it.
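
An added example, not part of the bug comment or of the SpamAssassin distribution: a local.cf fragment showing which eval calls honour dkim_minimum_key_bits according to the documentation quoted above. The LOCAL_ rule names, the scores and the domain example.com are placeholders.

```conf
# Added example (local.cf). Rule names, scores and example.com are placeholders.
ifplugin Mail::SpamAssassin::Plugin::DKIM

# Signatures made with a key shorter than this many bits are not considered
# for whitelisting and fail the key-size-aware eval calls below.
# 1024 is the documented default; 0 disables the key size check.
dkim_minimum_key_bits 1024

# No arguments: the option has NO effect here. This hits on any valid
# signature from any signer, whatever the key size, so keep it informational.
full     LOCAL_DKIM_ANY_VALID   eval:check_dkim_valid()
describe LOCAL_DKIM_ANY_VALID   Some valid DKIM signature present
score    LOCAL_DKIM_ANY_VALID   -0.001

# Explicitly listed domain: returns false when the signing key is shorter
# than dkim_minimum_key_bits, so a hit ties a sufficiently strong key to
# a particular domain.
full     LOCAL_DKIM_EXAMPLE_COM eval:check_dkim_valid('example.com')
describe LOCAL_DKIM_EXAMPLE_COM Valid DKIM signature by example.com
score    LOCAL_DKIM_EXAMPLE_COM -0.1

# Author-domain signature: returns false on short keys regardless of
# whether arguments are given.
full     LOCAL_DKIM_AUTHOR_SIG  eval:check_dkim_valid_author_sig()
describe LOCAL_DKIM_AUTHOR_SIG  Valid DKIM signature by author domain
score    LOCAL_DKIM_AUTHOR_SIG  -0.1

endif
```

A message signed only with a short key can still hit LOCAL_DKIM_ANY_VALID while missing the other two rules, which is the behaviour the bug describes.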
