> -----Original Message-----
> From: Erik Lotspeich [mailto:[email protected]]
> Sent: Saturday, July 25, 2009 9:19 PM
> To: dkim-milter
> Subject: [dkim-milter-discuss] Verification not failing
>
> Hi,
>
> I am extremely stumped by this issue. Here are some e-mail headers for
> an e-mail that is not failing an ADSP check. My policy is sign
> everything. This mailing list strips the DKIM signature out of the
> headers, as you can see.
> [...]
I'm on a layover enroute to IETF, but I had a quick look and thus here's a
guess. There's some old code that's still in there from the early DomainKeys
days which specifies a list of headers to search for the actual sender of the
message. That list is not constrained to "From" only by default (as it
probably should be for modern DKIM), so it's probably doing its ADSP check
based on the "Sender" header which, in this case, contains the address of the
list and not that of the message's author.
To test this, recompile enabling _FFR_SENDER_HEADERS, then set this in your
configuration file:
SenderHeaders From
...and watch your logs for another message from the list.
-MSK
------------------------------------------------------------------------------
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
