Dnia 2012-04-27, pią o godzinie 21:20 +0200, Wolfgang Breyha pisze:
> On 2012-04-27 20:29, Robert Wysocki wrote:
> > Dnia 2012-04-27, pią o godzinie 14:41 +0100, Michael J. Tubby B.Sc G8TIC
> > pisze:
> >> deny sender_domains = +dkim_known_signers
> >
> > And that's my point - as far as I know sender_domains is taken from
> > envelope not from From: header. Hence when From: headers' content is
> > spoofed but envelope-sender is not, signature won't be checked even if
> > From: is in dkim_known_signers list.
>
> Then use something like
> condition = ${if match_domain{${domain:$h_from:}}{+dkim_known_signers}\
> {yes}{no}}
> instead?
Thanks for the conditions, but if I read the documentation right,
acl_smtp_dkim is evaluated based on envelope-from, so including this
condition won't do me any good.
For example when I have a mail:
>From somebogusaddress@???
.
.
.
From: <somename@???>
and I have:
dkim_verify_signers = mydomain.tld:$dkim_signer
acl_smtp_dkim won't be called for this message (since spammydomain.tld
isn't included in dkim_verify_signers) and the condition you provided
won't be checked.
I'm looking for a way to check dkim signatures also for this kind of
spam.
Regards,
--
Robert Wysocki
administrator systemów linuksowych
CONTIUM S.A.,
http://www.contium.pl
