Hello Matt,

Matt Kinni <[email protected]> writes:

> I have opendkim configured via 'smtpd_milters' to sign all outbound
> mail, and my domain publishes a "quarantine" dmarc record to enforce
> the consequences of this.
>
> I recently discovered that MAILER-DAEMON messages generated by postfix
> itself bypass this setup and do /not/ get signed, which unfortunately
> results in legitimate DSNs being filtered into the sender's spam/junk
> mail folder due to the dmarc policy (I confirmed this with gmail).
>
> After doing some research, I learned that dkim signing can be forced
> for postfix's internally generated mails by setting
> 'non_smtpd_milters' in conjunction with
> 'internal_mail_filter_classes=bounce', however the manpage for the
> latter parameter has this cautionary message:
>>
>> NOTE: It's generally not safe to enable content inspection of
>> Postfix-generated email messages. The user is warned.
>>
>
> So I'm not sure what the best practice is here; postfix tries hard to
> prevent being a source of backscatter and thus outbound DSN messages
> should be rare, but in the event a legitimate bounce does need to be
> sent out, I'd like it to not end up in the sender's spam folder. On
> the other hand, miltering mailer-daemon messages adds a point of
> failure to a privileged message class that should always be expected
> to succeed, which I imagine is why the manpage discourages it.
>
> Thoughts?

Well, I think this is a useful thought:
<https://gitlab.com/soyeomul/Gnus/-/raw/karma/DKIM/GMAIL-POLICY>

Sincerely, Linux fan Byung-Hee

--
^Thank you _白衣從軍_ Thank you_^))//
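Added example, not part of either message above and not Postfix project code: a small audit check that reads main.cf text and reports whether Postfix-generated bounces would pass through a milter, using the 'non_smtpd_milters' and 'internal_mail_filter_classes' parameters named in the question. The two sample configurations and the milter socket `inet:localhost:8891` are constructed; `$name` references inside values are not expanded.

```python
import re

# Constructed samples: the setup described in the question, then the same
# setup with the two parameters the question mentions added.
BEFORE = """\
# sign mail arriving over SMTP only
smtpd_milters = inet:localhost:8891
"""
AFTER = BEFORE + """\
non_smtpd_milters =
    inet:localhost:8891
internal_mail_filter_classes = bounce
"""

def parse_main_cf(text):
    """Parse main.cf text; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments
        if raw[0] in " \t" and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()  # a later definition overrides an earlier one
    return params

def dsn_milter_status(text):
    """Report whether the 'bounce' class of internal mail is sent through a milter."""
    p = parse_main_cf(text)
    split = lambda v: [t for t in re.split(r"[,\s]+", v) if t]
    milters = split(p.get("non_smtpd_milters", ""))
    classes = split(p.get("internal_mail_filter_classes", ""))
    return {
        "bounces_filtered": bool(milters) and "bounce" in classes,
        "milters": milters,
        # Postfix's built-in default when the parameter is unset
        "milter_default_action": p.get("milter_default_action", "tempfail"),
    }

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, dsn_milter_status(cfg))
```

The reported `milter_default_action` is the setting to review alongside the result, since it decides what Postfix does when the milter is unavailable.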
