Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] Compiling milter-greylist 4.3.4 with DKIM ?

2010-02-28 by Michael Mansour

Hi Emmanuel,

> Michael Mansour <mic@...> wrote:
> 
> >        dkim   DKIM status (if build with DKIM support). Possible values are
> > pass, fail, unknown, error, and none,
> > 
> > ie. "DKIM status", it doesn't actually say a ruleset like the above would
> > work?
> 
> We told you nobody tested it :-)

:) thanks for the below, the patch made it work. I also tried:

dacl blacklist from /.*@gmail\.com$/ dkim none msg "Unverified, forged or
non-existent DomainKeys/DKIM signature"

and that worked too.

Do you know if the dkim check also checks for DomainKeys? not just DKIM keys?

paypal.com signs with DomainKeys.

paypal.com.au signs with DomainKeys _and_ DKIM (two sigs shown in the header
of each message).

ebay.com signs with DomainKeys.

ebay.com.au signs with DomainKeys.

yahoo.com signs with DKIM.

yahoo.com.au signs with DomainKeys and DKIM.

If the libdkim library, which milter-greylist uses, also checks "DomainKeys"
signed emails then I can block the emails from ebay, paypal, etc which are
either unsigned or forged. Stops all those phishing emails coming through or
being processed by spam filters.

I'll be monitoring the rule hits over the next few days, hopefully it will work.

Thanks.

Michael.

> Please try this patch:
> --- conf_lex.l.orig     2010-02-28 14:53:05.000000000 +0100
> +++ conf_lex.l  2010-02-28 14:53:07.000000000 +0100
> @@ -240,8 +240,12 @@
>  <S_SPF>{self}  { BEGIN(0); 
>                   yylval.spf_status = MGSPF_SELF; return SPF_STATUS; 
> } <S_SPF>{none}  { BEGIN(0);                   yylval.spf_status = 
> MGSPF_NONE; return SPF_STATUS; } +<S_DKIM>{self} { BEGIN(0); +       
>           yylval.spf_status = MGSPF_SELF; return SPF_STATUS; } 
> +<S_DKIM>{none} { BEGIN(0); +                 yylval.spf_status = 
> MGSPF_NONE; return SPF_STATUS; } {quiet}                { return 
> QUIET; } {testmode}     { return TESTMODE; } {verbose}      { return 
> VERBOSE; } {dump_no_time_translation}     { return 
> DUMP_NO_TIME_TRANSLATION; }
> 
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
> 
> ------------------------------------
> 
> Yahoo! Groups Links
> 
> 
>

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.