On Mon, 26 Jul 2021 08:08:10 -0400 Greg Troxel wrote:
> So -0.2 means that there are two dkim signatures, one for each, and > they are both valid. It could do, but usually it just means that the sender and author domains are the same. > > > BTW, looking at metas in 72_active.cf: > > > > meta XPRIO __XPRIO_MINFP && !DKIM_SIGNED && > > !__DKIM_DEPENDABLE && !DKIM_VALID && !DKIM_VALID_AU && > > !RCVD_IN_DNSWL_NONE meta XPRIO __XPRIO_MINFP && > > !DKIM_SIGNED && !__DKIM_DEPENDABLE && !DKIM_VALID && !DKIM_VALID_AU > > && !RCVD_IN_DNSWL_NONE && !SPF_PASS > > > > !DKIM_VALID && !DKIM_VALID_AU is redundant and !DKIM_VALID_AU > > should be enough > > I don't think so. These are negated. "&& !DKIM_SIGNED " means the rule can only be true if there's no signature, so none of the terms with __DKIM_DEPENDABLE, DKIM_VALID, and DKIM_VALID_AU make any difference. It's usually not a good idea to use DKIM_SIGNED because it relies on the plugin, whereas __DKIM_EXISTS and the duplicate rule __HAS_DKIM_SIGHD don't.