[exim] Re: autoreply and DKIM signature ?

Author: Julian Bradfield
Date:  
To: exim-users
Subject: [exim] Re: autoreply and DKIM signature ?
On 2024-08-15, Viktor Dukhovni via Exim-users <exim-users@???> wrote:
> On Thu, Aug 15, 2024 at 08:26:06AM +0100, Julian Bradfield via Exim-users wrote:
>
>> > No. Alignment, etc., is DMARC not DKIM. Absent a DMARC policy for
>> > the "From:" domain, any DKIM signature allows the receiving system
>> > to use the "d=" value as a key into a reputation system, but questions
>> > of "forgery" do not arise.
>>
>> DKIM simply says "this message has been signed by this domain". An
>> Identity Assessor is trying to work out what, if anything, it knows
>> about the message. If it sees a message signed by a non-aligned
>> domain, then it knows nothing useful, and might indeed choose to infer
>> that the message is a forgery.
>
> Certainly no more so than a message that has no DKIM signature at all,
> and in either case, absent DMARC "p=(reject|quarantine)" the receiving
> system SHOULD NOT infer forgery, which would constitute an implicit
> unwarranted "p=(reject|quarantine)".


You are making the unwarranted assumption that the recipient is using
DMARC. The OP here did not state whether DMARC is set up for the
domains that were causing problems, unless I missed it.

Furthermore, a DMARC p=none means simply that the DMARC'ed domain does
not request any special action to be taken. It does not request, let
alone instruct, the receiver to deliver the mail. The receiver is (of
course) free to apply whatever its own policy on receiving mail is.
"Your system, your rules." A p=reject *requests* the receiver to
reject the mail, but does not require. DMARC section 6.7 explicitly
says that a DMARC-compliant receiver MAY reject mail that passes
DMARC, and MAY accept mail that fails it. "Final disposition of a
message is always a matter of local policy."

You should not use SHOULD NOT unless you know what it means and can
document the RFC that says it.


