From: SM <sm...@re...> - 2009-06-23 14:34:27
|
At 04:31 23-06-2009, John Marshall wrote: >The DKIM Filter logs wonderfully-tantalizing messages like the following: > >dkim-filter: external host 82-131-174-194.pool.invitel.hu attempted >to send as riverwillow.com.au > >That's all the evidence I need to know that I can kill the connection >but I can't find a related On- hook for it. Is there one or are there >plans? Publish an ADSP policy stating that the domain signs all messages and set the following in your configuration file: ADSPDiscard Yes Regards, -sm |
From: John M. <joh...@ri...> - 2009-06-23 23:42:51
|
On Tue, 23 Jun 2009, 07:33 -0700, SM wrote: > At 04:31 23-06-2009, John Marshall wrote: > >The DKIM Filter logs wonderfully-tantalizing messages like the following: > > > >dkim-filter: external host 82-131-174-194.pool.invitel.hu attempted > >to send as riverwillow.com.au > > > >That's all the evidence I need to know that I can kill the connection > >but I can't find a related On- hook for it. Is there one or are there > >plans? > > Publish an ADSP policy stating that the domain signs all messages and > set the following in your configuration file: > > ADSPDiscard Yes Thanks but I was looking to hook into whatever generates those log messages. When I first set up DKIM I did as you suggested but it killed off any of our messages which went through mailing lists: neither we nor anybody else with ADSPDiscard true would receive those messages. So, we are stuck with an "unknown" ADSP until everybody works out what to do with mailing lists and DKIM. I'm looking for something like 'ExternalStrict' or 'ExternalDiscard' which could be set true to reject messages from "external" hosts which are not found in 'ExternalIgnoreList'. As far as I can see, the DKIM filter is the only filter with enough clues to make that decision. Apart from that, the message has to run the gauntlet of subsequent filters and (hopefully) be rejected on other grounds. -- John Marshall |
From: SM <sm...@re...> - 2009-06-24 06:06:44
|
Hi John, At 16:42 23-06-2009, John Marshall wrote: >Thanks but I was looking to hook into whatever generates those log >messages. When I first set up DKIM I did as you suggested but it killed >off any of our messages which went through mailing lists: neither we nor >anybody else with ADSPDiscard true would receive those messages. So, we >are stuck with an "unknown" ADSP until everybody works out what to do >with mailing lists and DKIM. The external notice will be logged for mailing list traffic. You will see something similar to the line below in your mail log: external host lists.sourceforge.net attempted to send as example.com >I'm looking for something like 'ExternalStrict' or 'ExternalDiscard' >which could be set true to reject messages from "external" hosts which >are not found in 'ExternalIgnoreList'. As far as I can see, the DKIM >filter is the only filter with enough clues to make that decision. >Apart from that, the message has to run the gauntlet of subsequent >filters and (hopefully) be rejected on other grounds. You can hack dkim-milter to reject the message if you know which hosts are sending mailing list traffic. Set a flag around line no. 6481 in dkim-filter.c. In the mlfi_eom() routine, test for that flag and reject. That would be like an "On-External" action. Regards, -sm |
From: John M. <joh...@ri...> - 2009-06-24 23:53:34
|
On Tue, 23 Jun 2009, 23:04 -0700, SM wrote: > At 16:42 23-06-2009, John Marshall wrote: > >I'm looking for something like 'ExternalStrict' or 'ExternalDiscard' > >which could be set true to reject messages from "external" hosts which > >are not found in 'ExternalIgnoreList'. As far as I can see, the DKIM > >filter is the only filter with enough clues to make that decision. > >Apart from that, the message has to run the gauntlet of subsequent > >filters and (hopefully) be rejected on other grounds. > > You can hack dkim-milter to reject the message if you know which > hosts are sending mailing list traffic. Set a flag around line no. > 6481 in dkim-filter.c. In the mlfi_eom() routine, test for that flag > and reject. That would be like an "On-External" action. Thanks for the tip. I'm not a programmer. I just raised this because it is something I would find extremely useful, thought others might as well, and wondered if my remarks might spark some interest in development of an 'On-External' action or 'ExternalDiscard' flag for the filter. Thank you again for your responses and for all your work on development and maintenance of this filter. Regards, -- John Marshall |