On Sat, 31 Dec 2016 11:24:55 -0800 Ian Zimmerman wrote: > I have a frequent correspondent on AOL. I have whitelisted her with > > whitelist_auth my...@aol.com > > and that is in fact the address on her mails (both envelope and > From:). But the whitelist rule doesn't fire, even though DKIM_VALID > _does_ fire. How so? > > I noticed that the domain with which AOL DKIM-signs is not aol.com, > but mx.aol.com. Could that be the reason?
Yes, whitelist_auth requires DKIM_VALID_AU. The use of the subdomain is something that's allowed under DMARC. > If yes, is there a way to > make the whitelist work in this case? You have to use whitelist_from_dkim my...@aol.com mx.aol.com