On Sat, 6 May 2017 13:28:30 +0000 David Jones wrote: From what I can tell, the > whitelist_from_dkim only works on DKIM_VALID_AU hits which means the > DKIM signature domain aligns with the header-from. Based on my > analysis of my email, if email has passed through my Postfix > postscreen scrutiny based on the envelope- from and hits > DKIM_VALID_AU _with a good unsubscribe_, then that domain is fine to > whitelist_auth.
If you mean that you only whitelist mail with header-from-domain == envelope-from-domain, then why have you been emphasizing that you only add envelope-from-domains to whitelist_auth. It's technically true, but deeply misleading.
