On 11/6/20 8:05 AM, Mary via mailop wrote: > Here is my opendkim configuration (/etc/opendkim.conf): > ... > On-BadSignature reject
Aside from anything else, you shouldn't do this. It violates the rule at the bottom of RFC 6376, section 6.3: If the email cannot be verified, then it SHOULD be treated the same as all unverified email, regardless of whether or not it looks like it was signed. In other words, don't reject mail that fails a DKIM signature check, unless you would reject the same message if it had no DKIM signature at all. -- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
