We've been using dkim-milter-2.4.0 for some time to validate DKIM
signatures in e-mail messages. Sendmail adds a header like this:
Authentication-Results: electra.cc.umanitoba.ca; dkim=pass (512-bit key)
[email protected]
I use Authentication-Results as a substitute header so that DCC will
compute checksums for this header. This technique works very nicely
for whitelisting of messages where the source is known to be free of
spam.
We've had a problem recently with phishing e-mail that forges
[email protected] as the sender. I hoped to apply the same
technique, but Amazon is only using the older DomainKeys signing
method. Fortunately, dkim-milter can validate both, so I built
dkim-milter-2.8.3 with libdk included. For a message signed by both
methods, sendmail now adds two headers, like this:
Authentication-Results: setup01.cc.umanitoba.ca; domainkeys=pass (testing)
[email protected]
Authentication-Results: setup01.cc.umanitoba.ca; dkim=pass (1024-bit key)
[email protected]; x-dkim-adsp=none
The second one has a newline and a tab between the two lines. I assume
that DCC will rejoin these lines somehow, but what do I specify as the
substitute header. As well, they've changed the format of the header,
breaking all the checksums. I'd have to re-list them all.
More importantly, what is DCC going to do with the duplicate header
field names? Will it just compute two checksums? In that case, I
suppose it will all work.
--
-Gary Mills- -Unix Group- -Computer and Network Services-
_______________________________________________
DCC mailing list [email protected]
http://www.rhyolite.com/mailman/listinfo/dcc
