John Peacock wrote:
My preliminary testing led me to believe that the domainkeys plugin was
ready for production testing. That was a mistake. Signed messages
being returned from listservs are failing the domainkeys check because
it uses the *list sender* rather than the message FROM when performing
the check. I've commented out the DENY for the moment, until I can
figure out what should be done (means I have to read the RFC's I suppose).
I went through the logic again and committed changes to
plugins/domainkeys which should take care of the problem. I've been
running it in log-only mode for a day or so and I haven't seen any
messages marked Bad; I've seen the following:
DomainKeys-Status: good
DomainKeys-Status: non-participant
DomainKeys-Status: no signature
DomainKeys-Status: testing
So I'm not sure that it is worth running this in blocking mode anyways,
but I'll run it for a while and report back.
John
