_DKIMDOMAIN_ vs. _AUTHORDOMAIN_ (was: Re: dnswl dwl rule)

Sat, 01 Oct 2022 07:42:29 -0700 

     askdns LOCAL_DNSWL_IN_DWL _DKIMDOMAIN_.dwl.dnswl.org TXT


On 30.09.22 20:57, Matus UHLAR - fantomas wrote:

I'm not sure it should be done with _DKIMDOMAIN_, it's described to 
contain all valid signatures:


   _DKIMDOMAIN_
     Signing Domain Identifier (SDID) (the 'd' tag) from valid signatures;


the rule should be used with from domain, and only when DKIM_VALID_AU applies.

I have checked with one of mails in my archive and added to user_prefs
add_header      all     dkimdomain      _DKIMDOMAIN_

the result:

Authentication-Results: fantomas.fantomas.sk;
       dkim=pass (2048-bit key; unprotected) 
header.d=threecollectivemarketing.com 
header.i=i...@threecollectivemarketing.com header.a=rsa-sha256 header.s=ipz 
header.b=LJOUNANX;
       dkim=pass (2048-bit key; unprotected) header.d=mx-router-i.com 
header.i=@mx-router-i.com header.a=rsa-sha256 header.s=ipzs2 header.b=qAQp4Ntr;
From: Zebra Blinds <i...@threecollectivemarketing.com>
X-Spam-dkimdomain: threecollectivemarketing.com mx-router-i.com

so I guess the rules published on https://www.dnswl.org/?p=311
are invalid

... unless _DKIMDOMAIN_ is used as array - multiple times


I have found other rules using _DKIMDOMAIN_:

20_dnsbl_tests.cf:#askdns   __DKIMDOMAIN_IN_DWL_ANY  
_DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT

72_active.cf:askdns    __DKIMWL_FREEMAIL _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.3\.\d+$/
72_active.cf:askdns    __DKIMWL_BULKMAIL _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.2\.\d+$/
72_active.cf:askdns    __DKIMWL_WL_HI    _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.5$/
72_active.cf:askdns    __DKIMWL_WL_MEDHI _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.4$/
72_active.cf:askdns    __DKIMWL_WL_MED   _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.3$/
72_active.cf:askdns    __DKIMWL_WL_BL   _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.0$/
72_active.cf:askdns    __DKIMWL_BLOCKED  _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.255\.255\.255$/



perhaps these all should replace _DKIMDOMAIN_  by _AUTHORDOMAIN_ and AND-ed 
with DKIM_VALID_AU.



can these checks be made the way DNS queries are done only when DKIM_VALID_AU 
matches?


perhaps playing with priority

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.






















					Reply via email to