> Besides, can I change the lines as following?
>
> header __DKIM_REQUIRED From:addr =~ /\@(example\.com)$/i
> header __DKIM_REQUIRED From:addr =~ /\@( example\.org)$/i
> header __DKIM_REQUIRED From:addr =~ /\@( example\.nl)$/i
> .
> .
>
>
> As I have lots of domain to handle.
You could script the generation of a single line like Bill Cole suggested
(and you can use include files in the config to make this easier).
However I am curious about the performance of a rule like that with a lot
of domains in it.
Alternatively you could also set up a dns based list of sender domains. In
fact I have been wondering if someone is maintaining a list like that.
Because I guess a lot of people must be doing similar things on their own.
Eg. we require dkim of spf to be present for some local bank domains.
Especially banks and the like have already a policy, often specified on
their site, for which of their domains require dkim or spf.
Would there be a point in a central, maybe self maintained dns based
domain list where organisations can register domains as 'requiring'
dkim/spf? Sort of an explicit opt-in for organisations who really know
they have everything correctly set-up.
A dns list configuration would look like this (and might be easier
maintainable for some people):
# Check envelope from against domain-based list at dkiml.example.com
header __DKIM_REQUIRED_DNS eval:check_rbl_from_domain('dkiml',
'dkiml.example.com.')
describe __DKIM_REQUIRED_DNS Envelope sender listed in
dkiml.example.com (Example domain listing)
tflags __DKIM_REQUIRED_DNS net
reuse __DKIM_REQUIRED_DNS
describe DKIM_REQUIRED_FAIL Sender requires a valid DKIM signature but
it was not present
meta DKIM_REQUIRED_FAIL (__DKIM_REQUIRED_DNS && !DKIM_VALID_AU)
score DKIM_REQUIRED_FAIL 10.0
What would be the performance pros and cons between a hardcoded regex with
a lot of domains or a dns list (lookup)?
I think it probably doesn't matter that much unless the regex is really
huge. So its just a matter of personal preference for maintainebility?
