<p>There is the oossibility that Jules could make it si that if there is a dkim sig, the truncation wouldn't happen... So you could do botgh, sort of.<br>
But for now, just set the trubcation higher than your mta size limit, or whatever way you'd like, to disabke it.</p>
<p>Cheers&merry xmas</p>
<p><blockquote type="cite">Den 24 dec 2010 00.47, "Adam Bernstein" <<a href="mailto:adam@electricembers.net">adam@electricembers.net</a>> skrev:<br><br>I'm reporting a problem we just ran into while getting up to speed on DKIM, as it looks a lot like a bug but actually indicates a fundamental limitation to our MS/SA/DKIM configuration that might impact others. I don't think there's anything for MS to do about it, but I have a fantasy that there's something I'm missing....<br>
<br>
THE PROBLEM:<br>
<br>
Mailscanner has the "Max SpamAssassin Size" parameter, to truncate messages before handing them off to SA. It defaults to 90KB (we have it set much smaller, but this changes only the extent of the effects, not the basic problem). But if you want to take advantage of DKIM verification to contribute to the spam score, then it's SA that calls on Mail::DKIM to evaluate the signature. And if it's a large message, it's been truncated by MS before handing off to SA, so it no longer matches the signature. So even with a valid signature, DKIM verification fails for large messages.<br>
<br>
--------------------<br>
<br>
The solution? Well, all I can imagine is either:<br>
1. don't truncate at all in Mailscanner, because after all, DKIM is designed to disapprove of message modification<br>
or<br>
2. do the DKIM verification separately, before the message gets submitted to MS at all, via the milter or proxy tools<br>
<br>
But #2 is a great deal more work than just enabling the DKIM plugin in SA, right? So that leaves us with #1. I guess if we were running just bare SA with no MS, truncation wouldn't even be an option and we would always scan the full message, so this isn't really a loss. But it would sure be nice to take advantage of the MS layer to reduce unnecessary cycles.<br>
<br>
I think what's really needed is a "Max Scan Bytes" setting in SA, so it can impose the limit on all its other tests while internally exempting DKIM verification, but I don't see that happening.<br>
<br>
Have I missed anything? Or is this just a basic feature of our setup that we'll have to accept?<br>
<br>
Thanks much!<br>
<br>
adam<br><font color="#888888">
-- <br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website! </font></blockquote></p>