>>>> askdns LOCAL_DNSWL_IN_DWL _DKIMDOMAIN_.dwl.dnswl.org TXT
On 30.09.22 20:57, Matus UHLAR - fantomas wrote:
>I'm not sure it should be done with _DKIMDOMAIN_, it's described to
>contain all valid signatures:
>
> _DKIMDOMAIN_
> Signing Domain Identifier (SDID) (the 'd' tag) from valid signatures;
>
>
>the rule should be used with from domain, and only when DKIM_VALID_AU applies.
>
>I have checked with one of mails in my archive and added to user_prefs
>add_header all dkimdomain _DKIMDOMAIN_
>
>the result:
>
>Authentication-Results: fantomas.fantomas.sk;
> dkim=pass (2048-bit key; unprotected) header.d=threecollectivemarketing.com header.i=info@threecollectivemarketing.com header.a=rsa-sha256 header.s=ipz header.b=LJOUNANX;
> dkim=pass (2048-bit key; unprotected) header.d=mx-router-i.com header.i=@mx-router-i.com header.a=rsa-sha256 header.s=ipzs2 header.b=qAQp4Ntr;
>From: Zebra Blinds <info@threecollectivemarketing.com>
>X-Spam-dkimdomain: threecollectivemarketing.com mx-router-i.com
>
>so I guess the rules published on https://www.dnswl.org/?p=311
>are invalid
>
>... unless _DKIMDOMAIN_ is used as array - multiple times
I have found other rules using _DKIMDOMAIN_:
20_dnsbl_tests.cf:#askdns __DKIMDOMAIN_IN_DWL_ANY _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
72_active.cf:askdns __DKIMWL_FREEMAIL _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.3\.\d+$/
72_active.cf:askdns __DKIMWL_BULKMAIL _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.2\.\d+$/
72_active.cf:askdns __DKIMWL_WL_HI _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.5$/
72_active.cf:askdns __DKIMWL_WL_MEDHI _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.4$/
72_active.cf:askdns __DKIMWL_WL_MED _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.3$/
72_active.cf:askdns __DKIMWL_WL_BL _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.0$/
72_active.cf:askdns __DKIMWL_BLOCKED _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.255\.255\.255$/
perhaps these all should replace _DKIMDOMAIN_ by _AUTHORDOMAIN_ and AND-ed
with DKIM_VALID_AU.
can these checks be made the way DNS queries are done only when DKIM_VALID_AU
matches?
perhaps playing with priority
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.
On 30.09.22 20:57, Matus UHLAR - fantomas wrote:
>I'm not sure it should be done with _DKIMDOMAIN_, it's described to
>contain all valid signatures:
>
> _DKIMDOMAIN_
> Signing Domain Identifier (SDID) (the 'd' tag) from valid signatures;
>
>
>the rule should be used with from domain, and only when DKIM_VALID_AU applies.
>
>I have checked with one of mails in my archive and added to user_prefs
>add_header all dkimdomain _DKIMDOMAIN_
>
>the result:
>
>Authentication-Results: fantomas.fantomas.sk;
> dkim=pass (2048-bit key; unprotected) header.d=threecollectivemarketing.com header.i=info@threecollectivemarketing.com header.a=rsa-sha256 header.s=ipz header.b=LJOUNANX;
> dkim=pass (2048-bit key; unprotected) header.d=mx-router-i.com header.i=@mx-router-i.com header.a=rsa-sha256 header.s=ipzs2 header.b=qAQp4Ntr;
>From: Zebra Blinds <info@threecollectivemarketing.com>
>X-Spam-dkimdomain: threecollectivemarketing.com mx-router-i.com
>
>so I guess the rules published on https://www.dnswl.org/?p=311
>are invalid
>
>... unless _DKIMDOMAIN_ is used as array - multiple times
I have found other rules using _DKIMDOMAIN_:
20_dnsbl_tests.cf:#askdns __DKIMDOMAIN_IN_DWL_ANY _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
72_active.cf:askdns __DKIMWL_FREEMAIL _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.3\.\d+$/
72_active.cf:askdns __DKIMWL_BULKMAIL _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.2\.\d+$/
72_active.cf:askdns __DKIMWL_WL_HI _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.5$/
72_active.cf:askdns __DKIMWL_WL_MEDHI _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.4$/
72_active.cf:askdns __DKIMWL_WL_MED _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.3$/
72_active.cf:askdns __DKIMWL_WL_BL _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.\d+\.\d+\.0$/
72_active.cf:askdns __DKIMWL_BLOCKED _DKIMDOMAIN_.lookup.dkimwl.org A /^127\.255\.255\.255$/
perhaps these all should replace _DKIMDOMAIN_ by _AUTHORDOMAIN_ and AND-ed
with DKIM_VALID_AU.
can these checks be made the way DNS queries are done only when DKIM_VALID_AU
matches?
perhaps playing with priority
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.