[opendkim-dev] Re: FW: [dkim-milter-discuss] authentication not detected. mails not signed

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Thu, 20 Aug 2009 15:06:54 -0700

> -----Original Message-----
> From: SM [mailto:sm_at_resistor.net]
> Sent: Thursday, August 20, 2009 1:26 PM
> To: Murray S. Kucherawy
> Cc: opendkim-dev_at_lists.opendkim.org
> Subject: Re: [opendkim-dev] FW: [dkim-milter-discuss] authentication
> not detected. mails not signed
>
> >Maybe this should be something the filter should be able to select
> >at runtime, with the default being {auth_type}?
>
> Thinking aloud, this is more of a configuration/documentation issue
> than a bug. Whatever macro we pick, there is always a risk that it
> is not provided to the milter. The better fix may be to document
> what is required for the SMTP AUTH to be detected.

Wow, I'm surprised I've gotten away with not having that in there for this long. I've added a paragraph to the OPERATION section of opendkim(8) describing the details of the test.

> >Perhaps it should work like the Macros setting, where the list of
> >macros with possible values can be specified.
>
> That can be done too. In this case, there is an expectation that
> opendkim detects whether it is an authenticated connection. Although
> it is not optimal, what do you think about testing for auth_authen as
> well?

Actually, the Macros setting already solves the problem. If auth_type is not provided, the user can use Macros to check any other macro for some value, so one could simply configure this:

        Macros auth_authen

Then even with milter-greylist, it would work because its configuration suggests passing auth_authen. The built-in auth_type test and the Macros test are considered equivalent when making the sign-verify decision.
Received on Thu Aug 20 2009 - 22:07:13 PST