Murray S. Kucherawy wrote: > On Wed, 14 Nov 2007, Alin N�~Cstac wrote: >> My test had a different purpose. I wanted to see if my MTA will >> reject spoofed messages (messages that appear to come from my users, >> but are received over unauthenticated SMTP sessions , from IP >> addresses outside peerlist/internalhosts and without a valid >> DKIM-Signature). > > This is not something dkim-filter will do for you. It will refuse to > sign such mail, but it won't reject such messages outright. Doing so > is outside the scope of its (current) design. Hmm... Then man page is awfully wrong:
UseSSPDeny (Boolean)
If "true", requests rejection of messages which are
determined to be "suspicious" according to
the sending domain's published signing procedure
(SSP) record if that record also recommends
rejection of such messages. This does not apply if the
SSP record advertises that the policy is
in test.
On-SignatureMissing (string)
Selects the action to be taken when a message arrives
unsigned from a domain which advertises a
"we sign everything" policy. Possible values are the
same as those for On-BadSignature. The
default is accept.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
