On Friday, September 18, 2015 04:59 PM CDT, "Bill Cole" <postfixlists-070...@billmail.scconsult.com> wrote:
> On 18 Sep 2015, at 14:29, Bruce Marriner wrote: > > > So I want to be able to set up Postfix so, if it passes DKIM or other > > checks that give me a high confidence then just skip the postgrey > > stuff > > entirely. > > In what exactly does a valid DKIM signature give you high confidence? I > suspect that this is misplaced... > > All a DKIM signature validation tells you is that a message was in fact > signed at the mail system where it claimed to have been signed by an > entity in control of the DNS for the domain identified the signature and > that none of the message fields specified in the DKIM header have been > changed in transit. Looking at the spam that has made it through my > filters this year, I see that 27% of those messages had a valid DKIM > signature, because in fact any spammer who can open a Yahoo account or > register a domain can send mail with a valid DKIM signature. Ah, well. I think you might be right about misplaced. I've been reading about this all day learning it and I've started to realize the same thing. I would like Now, why can't all the spammers just add a ThisIsSpam header. Sure would make my life easier :) I'd still like to reduce my dependency on postgrey. So, if has valid SPF, valid DKIM, has a low SpamAssassin score, <insert other possible test heres> then I could skip it without raising spam too much, or at all :). Postgrey just works so well :) I mean, if I have that on I get almost no spam. But sometimes somethings that should come though don't and many things are delayed. When I turn it off, I get tons of spam. So, I need to start adding more stuff into the mix like SpanAssassin, SPF, DKIM, whatever so I can reduce my Postgrey dependency a little. My first few google searches were covered in the DKIM/SPF stuff so I guess that's where I've started first.