Mailscanner disturbs my domainkey?

[John Rudd]

On Oct 1, 2005, at 6:31 AM, Julian Field wrote:
>> In any case, any good info, pointers, tips on getting domainkeys to
>> work using sendmail+MailScanner would be appreciated. I've already set
>> up SPF, but having domainkeys as well would be a plus.
>
>  From what I have seen over the past 20 years or so is that the usual
> practice is to put "Received" headers at the top, and all X- headers 
> and
> other header modifications at the bottom. If they produce one exception
> saying that all new headers must be before the domainkeys header, then
> how many others are there likely to be in future? They have somewhat
> changed the rules.
>

There's no "somewhat" about it.  If you embrace DomainKeys, then you 
have to accept that the rules have changed.

With DomainKeys, all new headers have to be added above the DomainKeys 
header (the easiest way is to add them to the beginning of all of the 
headers; this is what the new spamassassin does).  You also may not 
modify the subject, change the body content, because you may not modify 
anything after the DomainKeys header.


So, when MailScanner wants to modify the body of a message, you would 
almost want-to/have-to get rid of the DomainKey header.  In that case, 
I would recommend a new MailScanner header that behaves as follows:

X-%ORG-MAILSCANNER-DomainKey:

    a) if passed domain key, and subject/body not modified:
       above header value is: "Passed"
       and keep domain key header

    b) if failed domain key, and subject/body not modified:
       above header value is: "Failed"
       and keep the domain key header

    c) if passed domain key, but header removed due to modifying the 
subject and/or message body, then:
       above header value is: "Passed, Removed"
       and remove the domain key header

    d) if failed, and body/subject modified:
       above header value is: "Failed, Removed"
       and remove the domain key header


And, of course, any headers that MS adds, from now on, they should be 
added to the beginning of the header list (easier to just 'always do 
that', instead of trying to have special cases like "if header exists, 
add to top, else add to bottom' or "find header, add new headers just 
above it", etc.  Easier to just do what the new spamassassin does: add 
to the top, always ... and this also makes it easier for mail admins to 
forensically see when a header got added, as they will be between 
received headers ... though it does make reading the received headers 
more painful).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!