On Sat, 21 Jul 2007, Jukka Salmi wrote: > - While dk-milter(8) accepts _all_ messages from domains which are > using DomainKeys in testing mode (i.e. dk-filter.c:mlfi_eom() returns > SMFIS_ACCEPT if DK_FLAG_TESTING is set), dkim-milter(8) seems not > to care about the `testing' flag. Is this correct? IIUC RFC 4871 > tells verifiers to always accept such messages...
dkim-filter uses the testing flag to decide whether to return a result of "neutral" or "fail" when the signature fails to verify. Either way, the message is accepted (and by that I mean it is not rejected in the SMTP sense). > - Messages from hosts in the PeerList are processed by dkim-milter(8) > (i.e. signed or verified). Reading dkim-filter.conf(5), such messages > should be accepted without being processed. I see the same with > dk-milter(8), thus I'm not sure if I understand the meaning of the > peers... The peerlist is checked in mlfi_connect() and, if there's a match, that function returns SMFIS_ACCEPT which tells the MTA to accept all traffic from that connection without any further processing by the filter. At least that's how sendmail works; perhaps postfix has a slightly different interpretation of that response after the connection callback. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
