>Rob McEwen wrote:
>>All I know for sure is this - for MANY legit emails - DKIM fails
>>some days later
On 28.02.23 12:52, Kris Deugau wrote:
>Hours.
>
>I've recently learned about this, in the context of trying to
>welcomelist legitimate senders. A 2-hour validity window for the DKIM
>signature is pretty common. :(
I hope these senders expire their e-mail 1.5 hours after sending...
This should be avoidable by using opendkim at SMTP time, and using
Mail::SpamAssassin::Plugin::AuthRes plugin in the way that DKIM rules aren't
rechecked if they are
I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available.
However, I don't see AuthRes plugin mention in .pre files nor in SA rules.
I will try to load it to see if it works.
> - when it had originally worked/validated at the time the
>>message was sent. I see this often in the real world when I rescan a
>>message to try to verify the impact on a message that a spam
>>filtering change caused - then notice that a very legit email that
>>original passed DKIM at the time the message was received - now
>>suddenly fails DKIM during this days-later rescan - and without ANY
>>changes to the message itself. I think that this is most likely
>>caused by DNS records for that DKIM being changed/updated.
>
>On most of those messages I expect it's an attribute set on the
>signature, not a rotated DKIM record.
>
>Look for "t=..." and "x=..." in the DKIM-Signature header. t= is the
>timestamp when it was signed, x= is when it expires.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.
>>All I know for sure is this - for MANY legit emails - DKIM fails
>>some days later
On 28.02.23 12:52, Kris Deugau wrote:
>Hours.
>
>I've recently learned about this, in the context of trying to
>welcomelist legitimate senders. A 2-hour validity window for the DKIM
>signature is pretty common. :(
I hope these senders expire their e-mail 1.5 hours after sending...
This should be avoidable by using opendkim at SMTP time, and using
Mail::SpamAssassin::Plugin::AuthRes plugin in the way that DKIM rules aren't
rechecked if they are
I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available.
However, I don't see AuthRes plugin mention in .pre files nor in SA rules.
I will try to load it to see if it works.
> - when it had originally worked/validated at the time the
>>message was sent. I see this often in the real world when I rescan a
>>message to try to verify the impact on a message that a spam
>>filtering change caused - then notice that a very legit email that
>>original passed DKIM at the time the message was received - now
>>suddenly fails DKIM during this days-later rescan - and without ANY
>>changes to the message itself. I think that this is most likely
>>caused by DNS records for that DKIM being changed/updated.
>
>On most of those messages I expect it's an attribute set on the
>signature, not a rotated DKIM record.
>
>Look for "t=..." and "x=..." in the DKIM-Signature header. t= is the
>timestamp when it was signed, x= is when it expires.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.