nanog mailing list archives

Re: spamassassin

From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Tue, 18 Feb 2014 20:44:25 -0800

I would not advise that.  Plenty of things can render a dkim sig invalid.
 Not all of them are evidences of malice.

You might be well advised to check for a DMARC record (which asserts policy
using a combination of DKIM and SPF) and if there's a reject there, feel
free to trash the email if there's a validation failure.  But not simply
because a DKIM signature breaks.

--srs

On Tuesday, February 18, 2014, Private Sender <nobody () snovc com> wrote:

Spamassassin knows the dkim signature is invalid, so there must be a dns
query that occurs at this point in the message processing.

If that is the case, there must be someway to configure to reject if the
dkim signature is invalid.


-- 
--srs (iPad)

Current thread:

spamassassin Randy Bush (Feb 18)
- Re: spamassassin Private Sender (Feb 18)
  - Re: spamassassin Randy Bush (Feb 18)
  - Message not available
    - Re: spamassassin Larry Sheldon (Feb 18)
- Re: spamassassin Michael Thomas (Feb 18)
- Re: spamassassin Suresh Ramasubramanian (Feb 18)
  - Re: spamassassin Private Sender (Feb 18)
    - Re: spamassassin Suresh Ramasubramanian (Feb 18)
    - Re: spamassassin Randy Bush (Feb 18)
- Re: spamassassin Daniel Staal (Feb 18)
  - Re: spamassassin Randy Bush (Feb 18)
  - Re: spamassassin Simon Perreault (Feb 19)
    - Re: spamassassin Randy Bush (Feb 19)
    - Re: spamassassin Gary E. Miller (Feb 19)
    - Re: spamassassin Randy Bush (Feb 19)
    - Re: spamassassin Michael Butler (Feb 19)
    - Re: spamassassin Daniel Staal (Feb 20)
    - Re: spamassassin Daniel Staal (Feb 20)

(Thread continues...)