From: Jim P. <ji...@ya...> - 2006-06-20 19:17:54
|
SM wrote: > At 10:30 20-06-2006, Murray S. Kucherawy wrote: >> Actually what's more interesting to me is "miss=r" which means >> reject on missing >> signatures. This should apply to messages bearing no signature if >> the sending >> domain advertises a "we sign all" policy. >> >> If however an unsigned message with no such policy is being >> rejected, that's a bug. > > Jim, were unsigned messages being rejected? > :-) (RTFM, i know) After reading the new README that came with 0.4.1, I decided to remove my custom -C parameters (which were "bad=r,dns=t,int=t,no=a,miss=r"). When I upgraded dk-filter from 0.4.0 I started creating an init.d script and in doing so, I guess I was a little over zealous with the restriction and actions config. So, now I am using the default restrictions and not experiencing any email problems other than the occasional "syntax error in signature data" related to spam/rbl'ed emails. I would like to move back towards bad=r soon, but I'll wait until I learn more about it's affect on good mail. > REJECTION="bad=r" would reject DK signed messages coming through most > mailing lists as they usually break the DK signatures. I think that I (we, thank you again) have worked out all those kinks as outbound list traffic is still signed correctly (for the domains that have DNS that supports TXT records). The problems that started this thread were related to near complete rejection of inbound emails. I still have a ton of logs to parse through to determine the good/bad rejection ratio, because I do know that bad=r worked correctly for a considerable amount of inbound spam last week. Right now I do RBL, ClamAV, and SA, checks _before_ dk-filter processing, I hope to move DK and DKIM to the front line soon and clear out the obvious crap before doing further filtering. Thanks again for all the help and advice, -Jim P. |