turning on DKIM verification for the email lists

John Ralls jralls at ceridwen.us
Mon Dec 9 10:47:27 EST 2013


On Dec 9, 2013, at 6:04 AM, Derek Atkins <warlord at MIT.EDU> wrote:

> John Ralls <jralls at ceridwen.us> writes:
> 
>> On Dec 6, 2013, at 7:32 AM, Derek Atkins <warlord at MIT.EDU> wrote:
>> 
>>> Hey, all,
>>> 
>>> I just wanted to let people know that I'm considering turning up the
>>> DKIM validation knob on incoming mail to the gnucash server.  In
>>> particular I plan to have the mail server discard mail that fails DKIM
>>> signature validation, and I'm debating turning on ADSPDiscard, although
>>> if I do this I probably need to get it to ignore local mail.
>>> 
>>> This is after a conversion I had yesterday with an admin at apple.com
>>> based on a mailman bounce to a forged address that got sent up to
>>> spamcop.
>>> 
>>> Please let me know your thoughts.
>> 
>> My understanding of that is that it will result only in dropping mail
>> which lacks a DKIM signature but the supposed source domain's DNS
>> record says that it should be signed and that unsigned mail should be
>> discarded. Do you really see that much traffic meeting those
>> conditions?
> 
> Looking at the particular resources involved it wouldn't have stopped
> the apple.com mail from arriving; they don't specify to drop unsigned
> email!  So it wouldn't have even helped here.  :-/
> 
> Still, it's led me to the desire to upgrade code to a newer OS (it's
> 2-1/2 years out of date).  My plan is to work on that over the Xmas/New
> Years holiday breaks.  I've got 5 blocks of 2-day breaks between the
> 20th and 6th where I plan to install a new system and hopefully migrate
> the existing code services.

OK, as long as there aren't any interruptions until after the 2.6 release!

Regards,
John Ralls



More information about the gnucash-devel mailing list