> Besides, can I change the lines as follows?
>
> header __DKIM_REQUIRED From:addr =~ /\@(example\.com)$/i
> header __DKIM_REQUIRED From:addr =~ /\@(example\.org)$/i
> header __DKIM_REQUIRED From:addr =~ /\@(example\.nl)$/i
> .
> .
>
> As I have lots of domains to handle.

You could script the generation of a single line like Bill Cole suggested (and you can use include files in the config to make this easier). However, I am curious about the performance of a rule like that with a lot of domains in it.

Alternatively you could also set up a DNS-based list of sender domains. In fact I have been wondering if someone is maintaining a list like that, because I guess a lot of people must be doing similar things on their own. E.g. we require DKIM or SPF to be present for some local bank domains. Especially banks and the like already have a policy, often specified on their site, for which of their domains require DKIM or SPF.

Would there be a point in a central, maybe self-maintained, DNS-based domain list where organisations can register domains as 'requiring' DKIM/SPF? Sort of an explicit opt-in for organisations who really know they have everything correctly set up.

A DNS list configuration would look like this (and might be easier to maintain for some people):

    # Check envelope from against domain-based list at dkiml.example.com
    header   __DKIM_REQUIRED_DNS  eval:check_rbl_from_domain('dkiml', 'dkiml.example.com.')
    describe __DKIM_REQUIRED_DNS  Envelope sender listed in dkiml.example.com (Example domain listing)
    tflags   __DKIM_REQUIRED_DNS  net
    reuse    __DKIM_REQUIRED_DNS

    describe DKIM_REQUIRED_FAIL   Sender requires a valid DKIM signature but it was not present
    meta     DKIM_REQUIRED_FAIL   (__DKIM_REQUIRED_DNS && !DKIM_VALID_AU)
    score    DKIM_REQUIRED_FAIL   10.0

What would be the performance pros and cons between a hardcoded regex with a lot of domains or a DNS list (lookup)? I think it probably doesn't matter that much unless the regex is really huge. So it's just a matter of personal preference for maintainability?
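
One way to script the single-line rule mentioned in the reply above, as an added example that is not part of the original message or thread. The function names (`normalize`, `build_rule`, `matches`) and the sample domain list are assumptions made for illustration; entries are validated as hostnames first so that a bad line in the list cannot alter the generated regex.

```python
import re

# One hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(domain):
    """Lowercase, drop a trailing dot, IDNA-encode; ValueError if not a hostname."""
    d = domain.strip().rstrip(".").lower()
    try:
        d = d.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"not a valid domain: {domain!r}") from exc
    labels = d.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid domain: {domain!r}")
    return d

def build_rule(lines, name="__DKIM_REQUIRED"):
    """Return one 'header ... From:addr =~ /.../i' line covering every listed domain."""
    wanted = (l for l in lines if l.strip() and not l.lstrip().startswith("#"))
    domains = sorted({normalize(l) for l in wanted})   # dedupe, stable order
    if not domains:
        raise ValueError("no domains given")
    # After validation only [a-z0-9.-] remain, so the dot is the sole metacharacter.
    alternation = "|".join(d.replace(".", r"\.") for d in domains)
    return f"header {name} From:addr =~ /\\@(?:{alternation})$/i"

def matches(rule, addr):
    """Sanity-check a generated rule (Python's re accepts this subset of Perl syntax)."""
    pattern = rule.split("=~ /", 1)[1].rsplit("/i", 1)[0]
    return re.search(pattern, addr, re.IGNORECASE) is not None

# Constructed sample input: duplicates, mixed case, a trailing dot and a comment.
SAMPLE = ["example.com", "Example.ORG.", "# banks", "example.nl", "example.com", ""]

if __name__ == "__main__":
    rule = build_rule(SAMPLE)
    print(rule)  # write this to a .cf file pulled in with 'include'
    for addr in ("user@example.org", "user@notexample.org", "user@mail.example.org"):
        print(addr, matches(rule, addr))
```

Because the pattern is anchored directly after the `@`, subdomains such as `mail.example.org` are not covered unless they are listed themselves.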