Only signing when listed in TrustedHosts AND authenticated

From: Aaron Paetznick <aaronp_at_critd.com>
Date: Tue, 14 Jul 2015 12:34:47 -0500

First, thanks for the excellent free software!

I've been using OpenDKIM with sendmail for months now, currently using
OpenDKIM 2.10.3 with sendmail 8.14.9. I use it to sign outbound email
from our thousands of customers, no verification at this time.

Not all of our customers are using authentication and SSL/TLS encryption
inside our network, and while we require auth from outside our network,
many are not using encryption externally either. We will sometimes have
problems with customer accounts getting hijacked and spammers briefly
sending authenticated email using our servers. While we're usually able
to stomp that activity out right away, I still can't trust authenticated
email 100% yet, and I do not like further jeopardizing our email
reputation by unintentionally signing spam email.

We're not happy with this situation at all, and we're working hard to
transition to 100% auth and encryption one customer at a time, but until
that time I would like to have more control over what email does and
does not get signed. Here's my situation:

1) I trust email sent from IPs listed in the TrustedHosts file more than
from IPs not listed

2) I trust email sent using authentication more than I trust email that
is not authenticated

3) I trust email sent using encryption more than I trust email that is
not encrypted


I would like to be able to configure OpenDKIM to only sign email that is
listed in the TrustedHosts AND authenticated AND encrypted, or at least
just listed in TrustedHosts AND authenticated. Reading through the
documentation and also doing some testing, I believe OpenDKIM is
currently signing any email listed in TrustedHosts OR is authenticated.
Basically, I would prefer to not automatically sign authenticated email
unless ALL conditions are met, not ANY. I have been experimenting with
the Mode and MacroList options in opendkim.conf, but I have not been
successful in disabling signing for authenticated users. BTW, I would
like to see several examples of valid syntax for these options to better
understand how they're intended to be used.

Any thoughts or working examples from others in similar situations would
be very much appreciated.


--Aaron
Received on Tue Jul 14 2015 - 17:35:01 PST

This archive was generated by hypermail 2.3.0 : Wed Jul 15 2015 - 06:45:01 PST