Mailing List Archive

dkim super keysize
ifplugin Mail::SpamAssassin::Plugin::DKIM

dkim_minimum_key_bits 2048

meta DKIM_SUPER_KEYSIZE (DKIM_SIGNED && DKIM_VALID_AU &&
DKIM_VALID_EF)
describe DKIM_SUPER_KEYSIZE Meta: DKIM_SIGNED && DKIM_VALID_AU &&
DKIM_VALID_EF
score DKIM_SUPER_KEYSIZE -1.5 -1.5 -1.5 -1.5

# if you like
# tflags DKIM_SUPER_KEYSIZE autolearn_force learn nice

endif # Mail::SpamAssassin::Plugin::DKIM

good or bad rule ?

if good please masscheck it :)

KAM.cf ?
Re: dkim super keysize [ In reply to ]
On Mon, 29 Mar 2021 17:50:00 +0200
Benny Pedersen wrote:

> ifplugin Mail::SpamAssassin::Plugin::DKIM
>
> dkim_minimum_key_bits 2048
>
> meta DKIM_SUPER_KEYSIZE (DKIM_SIGNED && DKIM_VALID_AU &&
> DKIM_VALID_EF)
> describe DKIM_SUPER_KEYSIZE Meta: DKIM_SIGNED &&
> DKIM_VALID_AU && DKIM_VALID_EF
> score DKIM_SUPER_KEYSIZE -1.5 -1.5 -1.5 -1.5
>
> # if you like
> # tflags DKIM_SUPER_KEYSIZE autolearn_force learn nice
>
> endif # Mail::SpamAssassin::Plugin::DKIM
>
> good or bad rule ?

It doesn't seem very promising considering how much spam involves
getting a third-party to do the DKIM.

Also this would break authenticated whitelisting and various meta-rule
for 1024 bit signature, e.g. amazon.
Re: dkim super keysize [ In reply to ]
On 2021-03-29 18:30, RW wrote:

> It doesn't seem very promising considering how much spam involves
> getting a third-party to do the DKIM.

then set it to 4096 :)

i begin to make def_whitelist_from_dkim when it low key bits, then it
can stay at default key bits

> Also this would break authenticated whitelisting and various meta-rule
> for 1024 bit signature, e.g. amazon.

spf works for them, i just maked it since rspamd have now raised it
minimal keysize