On Tue, Jul 13, 2021 at 03:29:42PM -0400, post...@ptld.com wrote:
> > On 07-13-2021 2:47 pm, Matus UHLAR - fantomas wrote:
> > btw, as always: what are you trying to achieve?
> 
> The end goal is per-recipient kdim enforcement. Since it's impossible to 
> control if milter/dkim runs or not based on recipient, my next option to 
> explore is allowing dkim to run passive to just create the headers, then 
> during smtpd_*_restrictions based on recipient decide whether or not to
> take action on the information in the dkim header to reject or allow the 
> mail.

FWIW, there is no such thing as "DKIM enforcement", you're probably
thinking of DMARC.  The sensible thing to do with DMARC is to add an
Authentication-Results (https://datatracker.ietf.org/doc/html/rfc7601)
header to the message, and then file into the spam folder on delivery
for users who want to opt-in into DMARC enforcement.  The policy
decision is then outside the edge MTA, implemented in the LDA.

-- 
    Viktor.

Reply via email to