Re: Domainkeys and ISPs
Lionel Elie Mamane wrote:
> On Thu, Mar 13, 2008 at 11:43:49PM +0800, Thomas Goirand wrote:
>
>> I just had a test with dkimproxy. A very simple test with the mailx
>> package (eg: Mail from the command line).
>
>> So as you see, dkimproxy needs a list of domains for which it signs
>> email. If you are receiving a mail from another server, and then
>> forwards it, of course, it's not in the list, and then it's not
>> signed.
>
> That doesn't sound obvious to me. Let's assume you have two users, A
> and B, with email addresses A@example.org and B@example.org . B get
> his email forwarded to b@vanity.domain, and A runs his own
> direct-to-MX delivery server (or relay server) (or contracts one from
> a third party; the point is not yours).
>
> That's a situation where your assumption of "If you are receiving a
> mail from another server, and then forwards it, of course, it's not in
> the list" does not hold: If A sends a mail to B@example.org with
> return path of A@example.org; should that mail get signed? Probably
> not. Because if you sign that mail, you'll also sign joe-job spam
> mail, and that's something you wouldn't want, I presume.
In that case, I believe that our normal postfix rules would detect it,
and reject the email, no?
Anyway, I don't think it's based on the return-path: field...
Thomas
Reply to: