Re: _DKIMDOMAIN_ vs. _AUTHORDOMAIN_ (was: Re: dnswl dwl rule)

[Matus UHLAR - fantomas]

Hello,

just bumping this if anyone has idea how to process DKIMWL and spamhaus DWL
in more efficient matter.

On 01.10.22 16:42, Matus UHLAR - fantomas wrote:

    askdns LOCAL_DNSWL_IN_DWL _DKIMDOMAIN_.dwl.dnswl.org TXT

On 30.09.22 20:57, Matus UHLAR - fantomas wrote:

I'm not sure it should be done with _DKIMDOMAIN_, it's described to contain all valid signatures:

  _DKIMDOMAIN_
    Signing Domain Identifier (SDID) (the 'd' tag) from valid signatures;


the rule should be used with from domain, and only when DKIM_VALID_AU applies.

I have checked with one of mails in my archive and added to user_prefs
add_header      all     dkimdomain      _DKIMDOMAIN_

the result:

Authentication-Results: fantomas.fantomas.sk;
      dkim=pass (2048-bit key; unprotected) 
header.d=threecollectivemarketing.com 
header.i=i...@threecollectivemarketing.com header.a=rsa-sha256 header.s=ipz 
header.b=LJOUNANX;
      dkim=pass (2048-bit key; unprotected) header.d=mx-router-i.com 
header.i=@mx-router-i.com header.a=rsa-sha256 header.s=ipzs2 header.b=qAQp4Ntr;
From: Zebra Blinds <i...@threecollectivemarketing.com>
X-Spam-dkimdomain: threecollectivemarketing.com mx-router-i.com

so I guess the rules published on https://www.dnswl.org/?p=311
are invalid

... unless _DKIMDOMAIN_ is used as array - multiple times

I have found other rules using _DKIMDOMAIN_:

20_dnsbl_tests.cf:#askdns   __DKIMDOMAIN_IN_DWL_ANY  
_DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT

72_active.cf:askdns    __DKIMWL_FREEMAIL _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.3\.\d+$/
72_active.cf:askdns    __DKIMWL_BULKMAIL _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.2\.\d+$/
72_active.cf:askdns    __DKIMWL_WL_HI    _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.5$/
72_active.cf:askdns    __DKIMWL_WL_MEDHI _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.4$/
72_active.cf:askdns    __DKIMWL_WL_MED   _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.3$/
72_active.cf:askdns    __DKIMWL_WL_BL   _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.\d+\.\d+\.0$/
72_active.cf:askdns    __DKIMWL_BLOCKED  _DKIMDOMAIN_.lookup.dkimwl.org A 
/^127\.255\.255\.255$/

perhaps these all should replace _DKIMDOMAIN_ by _AUTHORDOMAIN_ and AND-ed with DKIM_VALID_AU.

can these checks be made the way DNS queries are done only when DKIM_VALID_AU matches?

perhaps playing with priority

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.