Hi Merijn,

Still digesting your solution; it looks rather complex to me.
Besides, is it possible to just whitelist or blacklist some email addresses for DKIM checking?

Regards,
Chris Lee

-----Original Message-----
From: Merijn van den Kroonenberg [mailto:mer...@web2all.nl]
Sent: Tuesday, August 16, 2016 4:00 PM
To: users@spamassassin.apache.org
Subject: RE: DKIM Score

> Besides, can I change the lines as following?
>
> header __DKIM_REQUIRED From:addr =~ /\@(example\.com)$/i
> header __DKIM_REQUIRED From:addr =~ /\@( example\.org)$/i
> header __DKIM_REQUIRED From:addr =~ /\@( example\.nl)$/i
> .
> .
>
>
> As I have lots of domains to handle.

You could script the generation of a single line like Bill Cole suggested (and you can use include files in the config to make this easier).

However, I am curious about the performance of a rule like that with a lot of domains in it.

Alternatively, you could also set up a DNS-based list of sender domains. In fact, I have been wondering if someone is maintaining a list like that, because I guess a lot of people must be doing similar things on their own. E.g. we require DKIM or SPF to be present for some local bank domains. Especially banks and the like already have a policy, often specified on their site, for which of their domains require DKIM or SPF.

Would there be a point in a central, maybe self-maintained, DNS-based domain list where organisations can register domains as 'requiring' DKIM/SPF? Sort of an explicit opt-in for organisations who really know they have everything correctly set up.

A DNS list configuration would look like this (and might be more easily maintainable for some people):

# Check envelope from against domain-based list at dkiml.example.com
header   __DKIM_REQUIRED_DNS eval:check_rbl_from_domain('dkiml', 'dkiml.example.com.')
describe __DKIM_REQUIRED_DNS Envelope sender listed in dkiml.example.com (Example domain listing)
tflags   __DKIM_REQUIRED_DNS net
reuse    __DKIM_REQUIRED_DNS

describe DKIM_REQUIRED_FAIL Sender requires a valid DKIM signature but it was not present
meta     DKIM_REQUIRED_FAIL (__DKIM_REQUIRED_DNS && !DKIM_VALID_AU)
score    DKIM_REQUIRED_FAIL 10.0

What would be the performance pros and cons between a hardcoded regex with a lot of domains or a DNS list (lookup)? I think it probably doesn't matter that much unless the regex is really huge. So it's just a matter of personal preference for maintainability?
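
Scripting the single-line rule mentioned in the reply above, as an added example that is not part of the original thread: it turns a domain list into one __DKIM_REQUIRED header rule (repeating the same rule name on several header lines leaves only the last definition in effect) and rejects entries that are not plain domain names. The function names, the sample list and the pairing of __DKIM_REQUIRED with the DKIM_REQUIRED_FAIL meta rule are assumptions of this example.

```python
import re

# One hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def normalize_domains(lines):
    """Return a sorted, de-duplicated list of valid domains from raw lines."""
    domains = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not entry:
            continue  # blank line or comment-only line
        labels = entry.split(".")
        if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
            # Refuse anything that could inject regex or config syntax.
            raise ValueError(f"not a plain domain name: {raw!r}")
        domains.add(entry)
    return sorted(domains)


def build_rules(lines, name="__DKIM_REQUIRED", score="10.0"):
    """Emit one header rule covering every domain, plus the meta rule."""
    domains = normalize_domains(lines)
    if not domains:
        raise ValueError("domain list is empty")
    # After validation only dots need escaping inside the regex.
    alternation = "|".join(d.replace(".", r"\.") for d in domains)
    return "\n".join([
        f"header   {name} From:addr =~ /\\@(?:{alternation})$/i",
        "describe DKIM_REQUIRED_FAIL Sender requires a valid DKIM signature but it was not present",
        f"meta     DKIM_REQUIRED_FAIL ({name} && !DKIM_VALID_AU)",
        f"score    DKIM_REQUIRED_FAIL {score}",
    ]) + "\n"


# Constructed sample input, in the form a domains.txt file might take.
SAMPLE = """\
# domains that must carry a valid author-domain DKIM signature
example.com
Example.ORG      # case is normalized
example.nl.
example.com
"""

if __name__ == "__main__":
    print(build_rules(SAMPLE.splitlines()), end="")
```

The output can be written to its own .cf file and pulled in with an include line, so the domain list is regenerated without hand-editing the rule.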