Re: Rejected messages from the mailing list

From: SM <sm_at_resistor.net>
Date: Mon, 02 Aug 2010 08:07:27 -0700

Hi Alessandro,
At 05:37 02-08-10, Alessandro Vesely wrote:
>Ooops, it's me, or someone else having enabled ADSP on zdkimfilter.

If it's you, you can fix the problem. :-)

>BTW, source now says "554 DKIM signature required by ADSP" --not released yet.

A 550 code would be better as it is a policy decision. But it isn't
for me to decide on that.

>It breaks most of the times, though. (About 3:1 in my current folder)

It should not break for this mailing list except for one known case.

>Zdkimfilter has whitelisting options, and orders signatures
>according to their domain being author, whitelisted, sender, helo,
>using dkim_set_final. Then, the library delivers the first verified
>signature. However, I had forgotten to whitelist opendkim.org :-/

The quick fix is to whitelist opendkim.org. I suggest returning all
the verified signatures if you want to catch cases like this one.

>I've now disabled ADSP actions, as it should be --and is, by
>default. Obviously, I cannot rely on remembering to whitelist each
>list. In addition, whitelisting by signing domain wouldn't work in
>case a signature fails. (Apparently, SPF is more reliable for whitelisting.)

Whitelisting doesn't scale. It is only requested for opendkim.org as
we need to test the various possibilities to find out how to improve OpenDKIM.

>The message I'm replying to, for example, has a failed signature. I
>suspect the Content-Type field. What I received has:

I'll ask Murray what he saw at his end.

Regards,
-sm
Received on Mon Aug 02 2010 - 15:09:11 PST