Ordering of On- configuration Options

From: Alan Chandler <alan_at_chandlerfamily.org.uk>
Date: Thu, 13 Mar 2014 09:46:17 +0000

I am trying to set-up dkim-filter to reject mails from people who have
invalidly signed it, but accept mails for domains that do not sign there
mail (and unfortunately, since I can't add the publick key to my dns, I
can't sign my own outgoing mails)

I am getting a situation where I seem to be rejecting mails with no
signature data. These tend to be from mailing lists, and I am getting
unsubscribed from the list because of the bounces.

My config file has

On-Default accept
On-NoSignature accept
On-DNSError tempfail
On-BadSignature reject
On-InternalError tempfail
On-Security tempfail

But I can find no explanation of ordering and if a Bad-Signature reject
trumps the On-NoSignature accept.

It is possible that mail to the mailing list had a dkim signature added,
which because of the extra data added by the mailing list causes the
signature to be deemed false?

I am a nearly complete newbie on this, so any pointers as to what best
to do would be appreciated. For the time being I have add to drop the
filtering on signatures.

-- 
Alan Chandler
http://www.chandlerfamily.org.uk
Received on Thu Mar 13 2014 - 09:46:33 PST

This archive was generated by hypermail 2.3.0 : Thu Mar 13 2014 - 09:54:01 PST