
Re: Domainkeys and ISPs



Lionel Elie Mamane wrote:
> On Thu, Mar 13, 2008 at 11:43:49PM +0800, Thomas Goirand wrote:
> 
>> I just had a test with dkimproxy. A very simple test with the mailx
>> package (eg: Mail from the command line).
> 
>> So as you see, dkimproxy needs a list of domains for which it signs
>> email. If you are receiving a mail from another server, and then
>> forwards it, of course, it's not in the list, and then it's not
>> signed.
> 
> That doesn't sound obvious to me. Let's assume you have two users, A
> and B, with email addresses A@example.org and B@example.org. B gets
> his email forwarded to b@vanity.domain, and A runs his own
> direct-to-MX delivery server (or relay server) (or contracts one from
> a third party; the point is not yours).
> 
> That's a situation where your assumption of "If you are receiving a
> mail from another server, and then forwards it, of course, it's not in
> the list" does not hold: If A sends a mail to B@example.org with
> return path of A@example.org; should that mail get signed? Probably
> not. Because if you sign that mail, you'll also sign joe-job spam
> mail, and that's something you wouldn't want, I presume.

In that case, I believe that our normal postfix rules would detect it,
and reject the email, no?

Anyway, I don't think it's based on the return-path: field...

Thomas

