Hi,

We've been having a problem with phishing attacks by spoofing the
MAILFROM and From address. We've implemented SPF which takes care of
the MAILFROM problem, and have built a number of rules that block From
address spoofing.

We haven't implemented DKIM for our own domain yet, and it's not
something we can do right now.

There's still a legitimate requirement to have internal users use
external services (createsend, constantcontact, etc) to distribute
newsletters, etc, to internal users using users in our own domain.

In other words, we want to block the unauthorized use of our internal
users' addresses, but permit the legitimate authorized users to be able
to use these external services.

Many of these services use DKIM to sign the messages. I just wanted to
make sure I wasn't missing something important by whitelisting our own
domain using the DKIM sigs that arrive?

whitelist_from_dkim *@example.com
whitelist_auth *@example.com

Should I be able to test a message that was already received but
quarantined for DKIM_VALID or has the message been changed in some way
after receiving it that prevents it from passing DKIM?

X-Envelope-From: <sender-shusdk1iulyjrtdh...@cmail20.com>
From: "Sender" <sen...@example.com>
To: "Recip" <re...@example.com>

The message passes DKIM:

-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=cm; d=example.com;
 h=Subject:From:To:Reply-To:Date:MIME-Version:Content-Type:List-Unsubscribe:Message-ID;
 i=sen...@example.com;
 bh=+As5afWxvhSaKbwlO/EZvX1OZrs=;
 b=o8CcMc3vzBUyeJVQ/27v75R/QZDPU8vB+AMr1Dg5TGyyEvwZYhTjlm9lTxteGVGzaZPAhtlVM
   2nNUItbgRjnEvpbRA7Hdsh7QHAso8Mf4i1z3KfUqAFV3V1PMnO65

but running the message through spamassassin again with the whitelist
entry doesn't actually whitelist the message.

Ideas greatly appreciated.
Thanks,
Alex
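As an added illustration (not code from the post or from SpamAssassin), the Python below is a simplified model of how a whitelist_from_dkim entry is matched: the From address must match the glob, and a valid signature's d= must equal the signing domain, which defaults to the author's domain when the second parameter is omitted. This is why the entry is safe to use for the case above: a service signing only with its own domain (d=cmail20.com) does not qualify, while one signing with a delegated selector under example.com does. The sample headers are constructed from the ones quoted above with placeholder addresses and signature values, and cryptographic validity is passed in rather than verified.

```python
import fnmatch
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post; addresses and
# signature values are placeholders, not a real message.
OWN_DOMAIN_SIGNED = """From: "Sender" <sender@example.com>
To: "Recip" <recip@example.com>
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=cm; d=example.com;
 h=Subject:From:To; i=sender@example.com; bh=PLACEHOLDER=; b=PLACEHOLDER=
Subject: Newsletter

body
"""
# Same author address, but the sending service signed with its own domain instead.
THIRD_PARTY_SIGNED = OWN_DOMAIN_SIGNED.replace("d=example.com", "d=cmail20.com")


def parse_dkim_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, folding whitespace removed."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            tag, val = part.split("=", 1)
            tags[tag.strip().lower()] = re.sub(r"\s+", "", val)
    return tags


def whitelist_from_dkim_applies(raw_msg, author_pattern, signing_domain=None,
                                signature_valid=True):
    """Simplified model of whitelist_from_dkim (an assumption, not SpamAssassin's code):
    the From address must match the glob, and a valid signature must carry d= equal
    to the signing domain, which defaults to the author's domain. Signature validity
    is passed in; this model does not verify the crypto."""
    msg = message_from_string(raw_msg)
    author = parseaddr(msg.get("From", ""))[1].lower()
    if not author or not fnmatch.fnmatchcase(author, author_pattern.lower()):
        return False
    if not signature_valid:
        return False
    wanted = (signing_domain or author.rpartition("@")[2]).lower()
    for header in msg.get_all("DKIM-Signature", []):
        if parse_dkim_tags(header).get("d", "").lower() == wanted:
            return True
    return False


if __name__ == "__main__":
    print(whitelist_from_dkim_applies(OWN_DOMAIN_SIGNED, "*@example.com"))   # True
    print(whitelist_from_dkim_applies(THIRD_PARTY_SIGNED, "*@example.com"))  # False
```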
