LuKreme wrote:
> On 10-Dec-2008, at 12:10, Kelson wrote:
>> Successful sender verification ALONE doesn't tell you much, because it
>> doesn't distinguish between a legit sender who uses DKIM and a spammer
>> who uses DKIM (or a spammer abusing a large sender). This is why the
>> default scores on DKIM_VERIFIED and DKIM_SIGNED are just enough to
>> track the rule, and not enough to significantly affect the score
>
> Thank you (and you too, mouss) for the explanation, this does make a lot
> of sense now. I guess I need to go through all my mail and find the
> DKIM info for the good sites.
>
> Given that I get mail from company.tld and they used DKIM and I trust it
> if it passes, and given that company.tld is a company where I am getting
> mail from their employees and not from their clients (like not an ISP),
> does this look about right:
>
> whitelist_from_dkim [EMAIL PROTECTED]
> whitelist_from_dkim [EMAIL PROTECTED]
> header __L_FROM_CTLD From:addr =~ /[EMAIL PROTECTED]/mi
> meta L_NOTVALID_CTLD !DKIM_VERIFIED && __L_FROM_CTLD
> score L_NOTVALID_CTLD 5
>
> Which would, I think, score them a full 5 points up for failing DKIM,
> but give them a negative score from USER_IN_DKIM_WHITELIST?

while the whitelisting part is ok, the "blacklisting" part is risky:
- they could mess up with their dns config during an update.... or they could add a new MTA, or reconfigure their MTA and "forget" to pass through the dkim signing application...
- they may want to allow some of their users to post via their ISP, hotel,
- ...

so 5 is a little too high. I see yahoo mail failing verification (and yes, it is legit mail sent by a yahoo user via yahoo. no forgery or anything). That should tell you something ;-p

>
> And I assume that the dkim.cf that was in /etc/mail/spamassassin/ should
> be in /var/db/spamassassin/3.002.005/ instead?
>

no. it's your file, so leave it in your "site rules directory" (/etc/.... apparently). /var/{db|lib}/spamassassin/.... is for automatic updates.
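
Added example, not part of the original thread: one way to measure, from mail already scanned, how often a trusted domain's legitimate messages lack DKIM_VERIFIED before attaching a penalty to that condition. It assumes SpamAssassin's default `X-Spam-Status` header with a `tests=` list; the sample messages, the `.example` domains and the function names are constructed for illustration.

```python
import email
import re
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample mail (not real traffic); domains are placeholders.
# The X-Spam-Status layout is assumed to be SpamAssassin's default header.
def _msg(sender, tests):
    return (f"From: {sender}\n"
            f"X-Spam-Status: No, score=0.0 required=5.0 tests={tests}\n"
            "\tautolearn=no version=3.2.5\n\nbody\n")

SAMPLE_MESSAGES = [
    _msg("Alice <alice@company.example>", "DKIM_SIGNED,\n\tDKIM_VERIFIED"),
    _msg("bob@company.example", "BAYES_00,DKIM_SIGNED,DKIM_VERIFIED"),
    _msg("bob@company.example", "DKIM_SIGNED"),     # signed, did not verify
    _msg("Carol <carol@Company.Example>", "none"),  # sent via another MTA, unsigned
    _msg("dave@other.example", "BAYES_50"),
    "From: eve@company.example\n\nnot scanned, no X-Spam-Status\n",
]

def dkim_tally(raw_messages):
    """Count, per From: domain, how many scanned messages hit each DKIM rule."""
    stats = defaultdict(lambda: {"total": 0, "signed": 0, "verified": 0})
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        status = msg.get("X-Spam-Status")
        if not domain or status is None:
            continue  # unscanned or unparseable mail is left out of the tally
        # A folded header leaves whitespace after commas in the tests list.
        found = re.search(r"tests=(\S*)", re.sub(r",\s+", ",", status))
        tests = set(found.group(1).split(",")) if found else set()
        row = stats[domain]
        row["total"] += 1
        row["signed"] += "DKIM_SIGNED" in tests
        row["verified"] += "DKIM_VERIFIED" in tests
    return dict(stats)

def unverified(stats, domain):
    """Messages from `domain` that a '!DKIM_VERIFIED && from-domain' meta would hit."""
    row = stats.get(domain, {"total": 0, "verified": 0})
    return row["total"] - row["verified"]

if __name__ == "__main__":
    tally = dkim_tally(SAMPLE_MESSAGES)
    for dom, row in sorted(tally.items()):
        print(dom, row, "would be penalised:", unverified(tally, dom))
```

Run over a folder of known-good mail, a non-zero `unverified` count for a trusted domain shows how many legitimate messages the proposed meta rule would have penalised.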