Re: Another DKIM related question (or problem?)
On 2016-12-31 20:20, RW wrote:

> Yes, whitelist_auth requires DKIM_VALID_AU. The use of the subdomain
> is something that's allowed under DMARC.

> whitelist_from_dkim my...@aol.com mx.aol.com

Thanks! That explains things to a large degree.

Now, what about the case when envelope and header sending domains differ? For example, I get notifications from craigslist searches, and they have

  From: ale...@craigslist.org

but the envelope sender is something along the lines of

  nonsense_hash-itz=primate@alerts.craigslist.org

and the DKIM signature domain is just craigslist.org.

I know that I can have 2 whitelist entries, one for each form of the address, and that works (ie. I get a -100 score), but it's a bit ugly ;-)

FWIW, the MTA inserts a Return-path header with the envelope sender, and I do tell spamassassin about it.

--
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign: http://cr.yp.to/smtp/8bitmime.html
Re: Another DKIM related question (or problem?)
On Sat, 31 Dec 2016 11:24:55 -0800 Ian Zimmerman wrote:

> I have a frequent correspondent on AOL. I have whitelisted her with
>
> whitelist_auth my...@aol.com
>
> and that is in fact the address on her mails (both envelope and
> From:). But the whitelist rule doesn't fire, even though DKIM_VALID
> _does_ fire. How so?
>
> I noticed that the domain with which AOL DKIM-signs is not aol.com,
> but mx.aol.com. Could that be the reason?

Yes, whitelist_auth requires DKIM_VALID_AU. The use of the subdomain is something that's allowed under DMARC.

> If yes, is there a way to
> make the whitelist work in this case?

You have to use

  whitelist_from_dkim my...@aol.com mx.aol.com
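Added example, not part of the thread and not SpamAssassin's own code: a simplified Python model of the DKIM half of the matching described in the reply above (whitelist_auth can also be satisfied by SPF, which is not modelled here). The address user@aol.com and all function names are constructed for illustration.

```python
import re

def glob_match(pattern, address):
    """Case-insensitive match where '*' and '?' are the only wildcards."""
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, address.lower()) is not None

def dkim_whitelist_hit(entry, author, valid_sdids):
    """Model of one whitelist entry's DKIM check.

    entry       -- (address_pattern, signing_domain or None)
    author      -- address from the From: header
    valid_sdids -- d= domains of the signatures that verified
    """
    pattern, signing_domain = entry
    if "@" not in author or not glob_match(pattern, author):
        return False
    author_domain = author.rsplit("@", 1)[1].lower()
    sdids = {d.lower() for d in valid_sdids}
    if signing_domain is None:
        # No signing domain given: only an author-domain signature counts
        # (d= equal to the From: domain, i.e. the DKIM_VALID_AU condition).
        return author_domain in sdids
    # Explicit signing domain: a valid signature with that d= is accepted.
    return signing_domain.lower() in sdids

def explain(entries, author, valid_sdids):
    """Map each config line to whether its DKIM check would pass."""
    return {line: dkim_whitelist_hit(entry, author, valid_sdids)
            for line, entry in entries.items()}

# Constructed sample: From: domain aol.com, valid signature with d=mx.aol.com.
AUTHOR = "user@aol.com"
VALID_SDIDS = ["mx.aol.com"]
ENTRIES = {
    "whitelist_auth user@aol.com": ("user@aol.com", None),
    "whitelist_from_dkim user@aol.com mx.aol.com": ("user@aol.com", "mx.aol.com"),
}

if __name__ == "__main__":
    for line, hit in explain(ENTRIES, AUTHOR, VALID_SDIDS).items():
        print(f"{line!r}: {'fires' if hit else 'does not fire'}")
```

In this model a message with no valid signature never matches either entry, so a forged From: alone is not enough to earn the whitelist score.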
Another DKIM related question (or problem?)
I have a frequent correspondent on AOL. I have whitelisted her with

  whitelist_auth my...@aol.com

and that is in fact the address on her mails (both envelope and From:). But the whitelist rule doesn't fire, even though DKIM_VALID _does_ fire. How so?

I noticed that the domain with which AOL DKIM-signs is not aol.com, but mx.aol.com. Could that be the reason? If yes, is there a way to make the whitelist work in this case?

(I have other whitelist_auth lines, and they work as expected; in all those cases the domain of the address is exactly the same as the domain of the DKIM signature.)

--
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign: http://cr.yp.to/smtp/8bitmime.html