I have had dkim-milter (as well as dk-milter) running for a while on my server, and on a couple clients servers, and have a couple questions hopefully someone can help with.
First, and maybe I am just overlooking it, but is there a way in the configuration of dkim-milter to say, if mail is received saying it’s from xx.com domain (replace xx with your choice), then it must have a valid DKIM signature, and if not to reject/trash can the mail??
I guess for example, I know Yahoo.com now supports DKIM, but we get tons of SPAM saying it’s from Yahoo.com, but in reality it’s from various hacked machines around the world, not yahoo. Of course they don’t include a DKIM signature, they just try and fake they are from yahoo. So is there a setting so I can say if mail is being sent to me, and it says it’s from Yahoo.com, to then check for a DKIM signature (as I know real Yahoo mail will have one), and if it has an invalid signature, or no signature at all, then to trash can/reject the message.
Issue in point, I have a client that keeps trying to bounce invalid rejects for SPAM being faked as from Yahoo back to yahoo saying it’s to invalid users on their server, but then Yahoo is blacking listing them for hammering them with reject messages. So it just seemed that I should be able to use DKIM to eliminate that issue, any suggestions?
Second question, I know as stated above that Yahoo is doing DKIM and DK signatures in their email, but when I get a message in from Yahoo, it tells me the DK signature is good, but that the DKIM signature is bad. If I send a message back to my Yahoo account, it tells me that my signatures are good. Am I munging up Yahoo’s header without knowing it, or are they really sending out broken DKIM which is almost hard to believe. I will include a header below, and see if anyone can help give me a clue on this one..
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on vorlon.leadmon.net
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
T_RP_MATCHES_RCVD autolearn=no version=3.3.0
Received: from web55305.mail.re4.yahoo.com (web55305.mail.re4.yahoo.com [126.96.36.199])
by mail.leadmon.net (8.14.4/8.14.4/LNSG+SCOP+PSBL+LUBL+NJABL+SBL+DSBL+SORBS+CBL+RHSBL) with SMTP id o2GFTNRm021714
for <firstname.lastname@example.org>; Tue, 16 Mar 2010 11:29:29 -0400 (EDT)
X-DKIM: Sendmail DKIM Filter v2.8.3 mail.leadmon.net o2GFTNRm021714
Authentication-Results: mail.leadmon.net; dkim=neutral
(verification failed) email@example.com; x-dkim-adsp=none
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 mail.leadmon.net o2GFTNRm021714
Authentication-Results: mail.leadmon.net; domainkeys=pass (testing) header.Fromfirstname.lastname@example.org
X-SenderID: Sendmail Sender-ID Filter v1.0.0 mail.leadmon.net o2GFTNRm021714
Authentication-Results: mail.leadmon.net; sender-id=none email@example.com; spf=none firstname.lastname@example.org
Received: (qmail 60648 invoked by uid 60001); 16 Mar 2010 15:29:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
Received: from [188.8.131.52] by web55305.mail.re4.yahoo.com via HTTP;
Tue, 16 Mar 2010 08:29:20 PDT
X-Mailer: YahooMailRC/324.3 YahooMailWebService/0.8.100.260964
Date: Tue, 16 Mar 2010 08:29:20 -0700 (PDT)
From: Howard Leadmon <email@example.com>
X-Virus-Scanned: clamav-milter 0.95.3 at vorlon.leadmon.net
If I am doing something that is munging up the header, any ideas on fixing it, as for sure I’d like to have DKIM working well.
Thanks for any input, always appreciated…
Howard Leadmon - firstname.lastname@example.org