spamassassin

Private Sender nobody at snovc.com
Wed Feb 19 04:01:58 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 

On 2/18/2014 7:10 PM, Suresh Ramasubramanian wrote:
> DKIM serves to authenticate the source of the message. So this is a stock
> tip spam sent through an email service provider called icontact, and the
> dkim signature declares that.  Just that and nothing more.
>
> Says nothing at all about the email's reputation - whether it is spam or
> not.
>
> --srs
>
> On Tuesday, February 18, 2014, Randy Bush <randy at psg.com> wrote:
>
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 

On 2/18/2014 7:10 PM, Suresh Ramasubramanian wrote:
> DKIM serves to authenticate the source of the message. So this is a stock
> tip spam sent through an email service provider called icontact, and the
> dkim signature declares that.  Just that and nothing more.
>
> Says nothing at all about the email's reputation - whether it is spam or
> not.
>
> --srs
>
> On Tuesday, February 18, 2014, Randy Bush <randy at psg.com> wrote:
>

Yeah, it just validates the domain that the email came from.

But,

"X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ran.psg.com
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0
tests=BAYES_50,HTML_MESSAGE,MIME_QP_LONG_LINE,*T_DKIM_INVALID*
autolearn=ham version=3.3.2"

Spamassassin knows the dkim signature is invalid, so there must be a dns
query that occurs at this point in the message processing.

If that is the case, there must be someway to configure to reject if the
dkim signature is invalid.

"X-Spam-Status: No, score=0.8 required=5.0"

Spamassassin isn't going to block anything until it registers a score of
5. So, just having a dkim signature (even though invalid) is possibly
lowering the score. Maybe you could tweak the settings to pick-off spam
at a lower score. But, setting your levels down to 0.8 would probably
block legitimate email.

You could always block their ip in the helo_access (or iptables) of your
postfix server (I'm assuming that's what you are using). But that's only
going to be a temporary fix.

You could also add a rbl query to your mail server config to spamhaus.
That could always help.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
 
iQEcBAEBAgAGBQJTBCy2AAoJEMBLKVFKNw4KFDUH/RktUI0ybOj0ruWw06RZUzcD
bHiFb/QUahqXihFQMkSwofjV/WovcGkSQgCpzM3XFyGdoo79KzgJ9ByrlPLfIOdI
m/pvcRSODl+rOsaXR1VS0bUyTtdRzEdRZ2EQxvXeaSIOnsZCegG+noY+7GJ5U70o
NyctfgEod0sxFqeJKTzjXpCaXJsuwFBUL3PlLXVWE6ilAtaxh8KBCmIG/kFMrtoG
P+DlTm17d63WZeVBvsZ7YHe/moVm57gBLCsmA8aI6qgqdCGbpkT3p/rKAEcqeV6z
RyyIC4vm9gaaJmuh7Cz7hoM2whGsWSxfrNaGV0hCRoNGBAup5NFIQQfsTn858Dc=
=Aztz
-----END PGP SIGNATURE-----



More information about the NANOG mailing list