* lists: > Authentication-Results: geko.sbt.net.au (amavisd-new); > dkim=pass (1024-bit key) header.d=dossierinfotech.in.net; > domainkeys=fail (1024-bit key) > reason="fail (message has been altered)"
Domainkeys is long since deprecated. Also, the DKIM signature is reported as OK, so that's not really a good example. In any case, many mailing lists break DKIM sigs by modifying the subject line or body of messages, so rejecting/discarding mail based on DKIM alone is prone to cause trouble for you. DMARC offers an approach that also includes SPF, but it has problems of its own. > is that something that can be rejected/blocked in Postfix, and how? or > where should that be utilized ? You appear to be using amavis, so I suggest you use amavis' spam scoring mechanisms instead of Postfix. -Ralph
