Authentication-Results headers from the DKIM milter

Vernon Schryver vjs@calcite.rhyolite.com
Mon Apr 12 19:24:17 UTC 2010


> From: Gary Mills <mills@cc.umanitoba.ca>

>                                 Putting them both in one header seems
> peculiar to me.  What happens if one succeeds and the other fails?

What should happen?
I don't know which of the following you consider right:
  1. whitelist and so accept the message
  2. ignore the combined header as far as whitelisting is concerned
  3. something else such as rejecting the message
#2 is the likely default result.


> It's really a matter of communication between the sendmail milter and
> the DCC client.  I'd like to see this kept as simple as possible.  If
> the milter could state ``this message is authenticated for this
> sender'' in a reliable way, wouldn't that be sufficient for
> whitelisting?

Perhaps the problem is looking at it as "communication."  Instead
ignore the DKIM milter and think only about what dccm should do
with each mail message as it is presented.

Dccm is given a message with envelope values, the SMTP headers, and
the body, and must give one of 2 recommendations, "accept" or "reject".
If the message has any of several envelope values (e.g. IP addresses) or
familiar headers from /var/dcc/whiteclnt, with "OK" (or "many"),
then dccm should say "accept" (or "reject").
Other headers or envelope values (e.g. IP addresses) are irrelevant,
whether they are unfamiliar DKIM headers or spammer forged Received headers.

Is the issue is knowing which headers to put in whiteclnt?  If so,
why worry?  Why not copy headers from mail messages or dccm log files 
of mail messages that you want to receive to /var/dcc/whiteclnt?
Why worry about what is "communicating" with what after you've done
whatever is needed to ensure that the right headers are in the mail
messages when they reach dccm?


vjs



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.