Benny, > i was reading opendkim readme's, where i found that it could limit how > much of body that it signs dkim l=.. (bodylenght) > > just unsure if thats supported in Mail::DKIM, else i just hope that > maillist dont change my body or remove dkim header so it atleast not > make dkim softfails
The 'l' tag is supported by Mail::DKIM, but not by the signing code in amavisd (the verification side does support it). Support for supplying the 'l' tag on signing is not provided intentionally. It is a very much deprecated feature in DKIM, kept only because it is hard to drop some feature in a RFC once it has been published. A message signed with a 'l' offers a goldmine for black hats, as they can take the message (e.g. when posted to some mailing list), append whatever junk they want, and dispatch it in quantities throught their spamming channels - and each modified message would still carry a valid signature from an original poster. It goes very much against the very purpose of DKIM. Don't use it. It can cause more harm than is worth. Mark ------------------------------------------------------------------------------ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
