OpenDKIM, ExemptDomains and verifying mailing lists messages

From: Jim Pirzyk <jim_at_pirzyk.org>
Date: Thu, 21 Aug 2014 10:56:58 -0500

Hi,

I have installed OpenDKIM 2.9.2 in Sendmail on my mail server and it is working as advertised. I have set it up to reject mail with bad signatures (i.e. "On-BadSignature reject" in my opendkim.conf file).

Here’s an example I’m having issues with:

USER_at_gmail.com sends me mail directly, OpenDKIM validates the signature and I get it successfully.

If USER_at_gmail.com sends mail to a mailing list (say GROUP_at_yahoogroups.com), the mail is rejected because of a bad signature. The mailing list software added headers and footers.

I tried adding yahoogroups.com to ExemptDomains but in my debugging the ExemptDomains really uses the domain of the DKIM signature, not the domain of the mail’s From address.

The documentation implies to me it should be using the From address, not the DKIM signing domain:

       ExemptDomains (dataset)
              Specifies a set of domains, mail from which should be ignored
              entirely by the filter. This is similar to the PeerList setting
              except that it bases its decision on the sender of the message
              as identified from the header fields or other message data, not
              the identity of the SMTP client sending the message.

the sender of the message is GROUP_at_yahoogroups.com, not USER_at_gmail.com. I can add gmail.com to the ExemptDomains but then *all* messages will be not verified. I would like to only exclude mailing list messages from verification.

Is there a way to do this or do we need a feature enhancement (DontVerifyMailFrom) ? If the latter maybe the ExemptDomains should be ExemptDKIMDomains ?

Thanks

- JimP

--- _at_(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $
    __o jim_at_pirzyk.org --------------------------------------------------
 _'\<,_
(*)/ (*) I'd rather be out biking.




Received on Thu Aug 21 2014 - 15:57:19 PST

This archive was generated by hypermail 2.3.0 : Thu Aug 21 2014 - 16:00:01 PST