On 1/10/2018 9:53 PM, li...@lazygranch.com wrote:
RTFMing, I see that both opendkim and python-policyd-spf have whitelisting capabilities (especially python-policyd-spf). But for the most part, my legitimate incoming email passes DKIM or SPF, but often not both. What I would like to do is accept email that passes either DKIM or SPF, but the milters are not connected in anyway that I can see. What I'm trying to avoid is setting up whitelists for each domain based on which method of identity the sysop decided to implement.
That sounds like a problematic approach to me.
If an administrator of a domain sets up DNS for SPF records and then fails, it should fail. If an administrator of a domain sets up DNS for DKIM records and that fails, it should fail.
If an email is failing either, the administrator of the sending domain fails either, that indicates a problem. Assuming your system isn't breaking DKIM, the sender really should be notified to resolve the issue. Whitelisting would really open you up to problems.
Regards, KAM
