On 10-Dec-2008, at 12:10, Kelson wrote:
Successful sender verification ALONE doesn't tell you much, because
it doesn't distinguish between a legit sender who uses DKIM and a
spammer who uses DKIM (or a spammer abusing a large sender). This
is why the default scores on DKIM_VERIFIED and DKIM_SIGNED are just
enough to track the rule, and not enough to significantly affect the
score
Thank you (and you too, mouss) for the explanation, this does make a
lot of sense now. I guess I need to go through all my mail and find
the DKIM info for the good sites.
Given that I get mail from company.tld and they used DKIM and I trust
it if it passes, and given that company.tld is a company where I am
getting mail from their employees and not from their clients (like not
an ISP), does this look about right:
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dkim [EMAIL PROTECTED]
header __L_FROM_CTLD From:addr =~ /[EMAIL PROTECTED]/mi
meta L_NOTVALID_CTLD !DKIM_VERIFIED && __L_FROM_CTLD
score L_NOTVALID_CTLD 5
Which would, I think, score them a full 5 points up for failing DKIM,
but give them a negative score from USER_IN_DKIM_WHITELIST?
And I assume that the dkim.cf that was in /etc/mail/spamassassin/
should be in /var/db/spamassassin/3.002.005/ instead?
--
The trouble with being a god is that you've got no one to pray to.
