LuKreme,

> > adsp_override blizzard.com custom_high
> > adsp_override *.blizzard.com custom_high
> OK, and then I just do that for every domain?

Yes, for every domain that you are sure always provides valid
DKIM or DK signatures and always sends directly, and after you
make sure that your mailer setup or upstream relay does not
clobber them. Note that several of these are already listed
in the distributed rules (60_adsp_override_dkim.cf),
but you may want to bump up the score of rules:
DKIM_ADSP_CUSTOM_LOW, DKIM_ADSP_CUSTOM_MED, DKIM_ADSP_CUSTOM_HIGH,
DKIM_ADSP_ALL, DKIM_ADSP_DISCARD, DKIM_ADSP_NXDOMAIN

For domains with normal users (not just direct-send-only) which also
send mail through mailing lists (invalidating signatures), only a small
score penalty is suitable, which is why there are three additional
levels of ADSP overrides (_low, _med, _high), so that you can choose
which score to use for which domain. Actually, domains which sign
all mail but occasionally send through mailing lists (like gmail.com
and yahoo) are the reason for rules NML_ADSP_* in 25_dkim.cf,
which are much like their DKIM_ADSP_* counterparts, but avoid
hitting when mail appears to be coming through a mailing list.

> Sorry for the confusion, but I seem to have wiped the memory banks on all
> of this in the last 3 years or so.

Yes, the DKIM plugin and its underlying Mail::DKIM have advanced
with SpamAssassin 3.3.0. 

> What I want:
> 
>   1) Message from blizzard that has no dkim gets scored +10

adsp_override blizzard.com custom_high

(choose either 'discard' or 'custom_high' or 'custom_med',
then assign score 10 to the chosen DKIM_ADSP_* rule)

>   2) Message from blizzard that passes dkim gets scored -1 (or something)

full   DKIM_VALID_BLIZZ eval:check_dkim_valid(blizzard.com)
score  DKIM_VALID_BLIZZ -1

full   DKIM_VALID_YG eval:check_dkim_valid(gmail.com, googlemail.com, googlegroups.com, yahoogroups.com, .yahoo.com, .yahoo.ca, .yahoo.de, .yahoo.fr, .yahoo.in, .yahoo.co.in, .yahoo.co.jp, .yahoo.co.nz, .yahoo.co.uk, .yahoo.com.hk, .yahoo.com.ph, .yahoo.com.vn)
score  DKIM_VALID_YG -0.5

This is similar to whitelist_from_dkim, but allows one to choose
different scores for different domains.

>   3) Message from random idiot that passes dkim gets scored -0.1

score DKIM_VALID -0.1

(which is a default anyway)

>   4) message that FAIL DKIM (or SPF hard fail) get scored +5

You'd only want to do that for domains which you know will always
provide a valid signature. Covered by adsp_override rules, as above.

There must not be a distinction between handling a mail with a
present but broken signature, and a mail with no signature, as
it is easy to forge either, and a spammer can choose to use the one
which is most advantageous to him.

>   5) Message from random idiot that passes SPF gets scored -0.001
> 
> I think that's about what I had in 3.2.5, only blizzard was a list of
> 'known' senders, like paypal, amazon, citibanc, apple.com, ebay, &c.
> 
> adsp_override battle.net  custom_high
> adsp_override blizzard.com custom_high
> adsp_override amazon.com custom_high
> adsp_override *.ebay.com custom_high
> adsp_override ebay.com custom_high
> 
> and so on?
> 
> And, since I'm here, how do I setup DKIM signing on my outbound mail?

By using either amavisd-new:
  http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
or OpenDKIM milter (with sendmail or postfix):
  http://www.opendkim.org/

Mark
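
The pieces of the reply above gathered into one local.cf fragment, as an added example that is not part of the original message. It writes out the score assignment the reply describes only in words; the domains and score values are the ones discussed in this thread, and the describe text is made up for illustration.

```conf
# Added example for local.cf (not from the original message).
ifplugin Mail::SpamAssassin::Plugin::DKIM

# Domains known to always sign and always send directly.
# Mail from them that lacks a valid signature is handled as if the
# domain had published the chosen signing practice.
adsp_override blizzard.com    custom_high
adsp_override *.blizzard.com  custom_high
adsp_override battle.net      custom_high

# Items 1 and 4 of the question: an unsigned message and a message with
# a broken signature both hit this one rule, so neither form is cheaper
# to forge than the other.
score DKIM_ADSP_CUSTOM_HIGH 10

# For domains whose users also post through mailing lists, pick
# custom_low or custom_med instead and keep that rule's score small.

# Item 2: a per-domain bonus for a valid signature.
full     DKIM_VALID_BLIZZ eval:check_dkim_valid(blizzard.com)
describe DKIM_VALID_BLIZZ Valid DKIM signature from blizzard.com
score    DKIM_VALID_BLIZZ -1

# Item 3: any valid signature (this is already the default score).
score DKIM_VALID -0.1

endif
```

Running `spamassassin --lint` after editing the file reports configuration syntax errors before the rules go live.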
