On Thu, 13 Dec 2007, Mark Martinec wrote:
> How about a general catch-all setting, so that instead of having to
> list each one in -C (including the new ones potentially introduced
> with later versions), one could specify only one.
>
> E.g. instead of "-C dns=a,int=a"
> one could have something like "-C default=a"
> (or equivalent in a configuration file).

Sounds reasonable.  Can you make it a feature request on SourceForge?

>> Does a receiving MTA have the right to reject a message with properties
>> it considers to be a possible attack attempt?
>
> Yes, MTA (or its filters) has this right.
>
> But a dedicated filter which is intended to check exactly one
> aspect of a message has no right to extend its vocation and say:
> "although I can't say anything about signatures/ssp, I believe this
> message is harmful to your eyes so I'll just step in and reject it"

There's no "harmful to your eyes" logic in play here.  The issue is the 
arbitrary trust of user-provided data.  The fact that a user can connect 
to an MTA and feed an unbounded number of headers thus causing dkim-filter 
to become gigantic is what I'm trying to avert.

You're right though that the default action should probably not be to 
reject the message.
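The concern in the reply above, bounding what the filter stores per message and leaving the over-limit action configurable rather than fixed to reject, can be sketched as follows. This is an added example, not part of the original message and not dkim-milter code; every type, function name and limit in it is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical; none are dkim-milter's. */
enum action { ACT_ACCEPT, ACT_TEMPFAIL, ACT_REJECT };
enum hdr_status { HDR_STORED, HDR_OVER_LIMIT, HDR_NOMEM };

struct hdr_store {
    char **lines;             /* heap copies of "Name: value" */
    size_t count, bytes;      /* headers and bytes held so far */
    size_t max_count, max_bytes;
    int overflowed;           /* sticky once either cap is hit */
    enum action on_overflow;  /* configurable, not hard-wired to reject */
};

void hdr_store_init(struct hdr_store *s, size_t max_count, size_t max_bytes, enum action act)
{
    memset(s, 0, sizeof *s);
    s->max_count = max_count;
    s->max_bytes = max_bytes;
    s->on_overflow = act;
}

/* Copy one header into the store unless doing so would exceed a cap. */
enum hdr_status hdr_store_add(struct hdr_store *s, const char *name, const char *value)
{
    size_t need = strlen(name) + 2 + strlen(value);   /* "Name: value" */
    if (s->overflowed || s->count >= s->max_count || need > s->max_bytes - s->bytes) {
        s->overflowed = 1;    /* stop growing for the rest of this message */
        return HDR_OVER_LIMIT;
    }
    char **grown = realloc(s->lines, (s->count + 1) * sizeof *grown);
    if (grown == NULL) return HDR_NOMEM;
    s->lines = grown;
    char *line = malloc(need + 1);
    if (line == NULL) return HDR_NOMEM;
    snprintf(line, need + 1, "%s: %s", name, value);
    s->lines[s->count++] = line;
    s->bytes += need;
    return HDR_STORED;
}

/* Action to hand back to the MTA once all headers have been seen. */
enum action hdr_store_verdict(const struct hdr_store *s)
{
    return s->overflowed ? s->on_overflow : ACT_ACCEPT;
}
```

Releasing the stored lines at end of message is left to the caller.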
