> Besides, can I change the lines as follows?
>
> header      __DKIM_REQUIRED From:addr =~ /\@(example\.com)$/i
> header      __DKIM_REQUIRED From:addr =~ /\@( example\.org)$/i
> header      __DKIM_REQUIRED From:addr =~ /\@( example\.nl)$/i
> .
> .
>
>
> As I have lots of domains to handle.

You could script the generation of a single line like Bill Cole suggested
(and you can use include files in the config to make this easier).

However I am curious about the performance of a rule like that with a lot
of domains in it.

Alternatively you could also set up a dns based list of sender domains. In
fact I have been wondering if someone is maintaining a list like that.
Because I guess a lot of people must be doing similar things on their own.
E.g. we require dkim or spf to be present for some local bank domains.
Especially banks and the like already have a policy, often specified on
their site, for which of their domains require dkim or spf.

Would there be a point in a central, maybe self-maintained dns based
domain list where organisations can register domains as 'requiring'
dkim/spf? Sort of an explicit opt-in for organisations who really know
they have everything correctly set up.

A dns list configuration would look like this (and might be easier
to maintain for some people):

# Check envelope from against domain-based list at dkiml.example.com
header      __DKIM_REQUIRED_DNS        eval:check_rbl_from_domain('dkiml', 'dkiml.example.com.')
describe    __DKIM_REQUIRED_DNS        Envelope sender listed in dkiml.example.com (Example domain listing)
tflags      __DKIM_REQUIRED_DNS        net
reuse       __DKIM_REQUIRED_DNS

describe    DKIM_REQUIRED_FAIL Sender requires a valid DKIM signature but it was not present
meta        DKIM_REQUIRED_FAIL (__DKIM_REQUIRED_DNS && !DKIM_VALID_AU)
score       DKIM_REQUIRED_FAIL 10.0

What would be the performance pros and cons between a hardcoded regex with
a lot of domains or a dns list (lookup)?

I think it probably doesn't matter that much unless the regex is really
huge. So it's just a matter of personal preference for maintainability?
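
Added example (not part of the original message or of SpamAssassin): one way to script the single-line rule mentioned at the top of this reply, so that a hand-maintained domain list cannot put unescaped dots or stray regex syntax into the generated config. The input format (one domain per line, `#` comments) and the function names are assumptions made for this sketch.

```python
import re

# Conservative hostname syntax: letter/digit/hyphen labels, at least two labels.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")


def normalise_domains(lines):
    """Return sorted unique domains; raise ValueError on anything malformed."""
    seen = set()
    for lineno, raw in enumerate(lines, 1):
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not entry:
            continue  # blank line or comment-only line
        # Rejecting instead of escaping keeps '/', ')', '|' etc. out of the rule.
        if len(entry) > 253 or not _DOMAIN_RE.match(entry):
            raise ValueError(f"line {lineno}: not a valid domain: {raw!r}")
        seen.add(entry)
    return sorted(seen)


def build_rule(domains, name="__DKIM_REQUIRED"):
    """Emit one header rule matching From:addr against every listed domain."""
    if not domains:
        raise ValueError("refusing to emit a rule with an empty alternation")
    # Escape dots so 'example.com' cannot match 'exampleXcom'; the leading
    # \@ and trailing $ stop 'example.com.other.tld' from matching.
    alternation = "|".join(d.replace(".", r"\.") for d in domains)
    return f"header      {name} From:addr =~ /\\@({alternation})$/i"


# Constructed sample input (not real data).
SAMPLE = """\
example.com
Example.ORG   # mixed case is folded
example.nl.
example.com
"""

if __name__ == "__main__":
    print(build_rule(normalise_domains(SAMPLE.splitlines())))
```

The printed line can be written to a separate file and pulled into the main config with an include, as suggested above.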

