Chris,
Ran some spam and ham through 'spamassassin -D -t' today mainly looking
to see if there were any mention of dns issues as I had reported
earlier. At the end of the run I see this whether it's ham or spam:
Oct 21 19:30:09.086 [31076] dbg: check: tagrun - tag DKIMDOMAIN is
still
blocking action 0
If a message does not contain a *valid* DKIM signature, then the
tag DKIMDOMAIN won't be set, so any rules that depend on this tag
will not be activated. So this is a normal situation for unsigned
or forged mail.
The rules in question are probably
DKIMDOMAIN_IN_DWL and __DKIMDOMAIN_IN_DWL_ANY
20_dnsbl_tests.cf : (wrapped for clarity):
askdns DKIMDOMAIN_IN_DWL
_DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
/^([a-z]+ )*(transaction|list|all)( [a-z]+)*$/
askdns __DKIMDOMAIN_IN_DWL_ANY
_DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
So these rules would launch a DNS query against _vouch.dwl.spamhaus.org
if and only if a message would contain a valid DKIM signature.
Mark