turning on DKIM verification for the email lists
John Ralls
jralls at ceridwen.us
Mon Dec 9 10:47:27 EST 2013
On Dec 9, 2013, at 6:04 AM, Derek Atkins <warlord at MIT.EDU> wrote:
> John Ralls <jralls at ceridwen.us> writes:
>
>> On Dec 6, 2013, at 7:32 AM, Derek Atkins <warlord at MIT.EDU> wrote:
>>
>>> Hey, all,
>>>
>>> I just wanted to let people know that I'm considering turning up the
>>> DKIM validation knob on incoming mail to the gnucash server. In
>>> particular I plan to have the mail server discard mail that fails DKIM
>>> signature validation, and I'm debating turning on ADSPDiscard, although
>>> if I do this I probably need to get it to ignore local mail.
>>>
>>> This is after a conversion I had yesterday with an admin at apple.com
>>> based on a mailman bounce to a forged address that got sent up to
>>> spamcop.
>>>
>>> Please let me know your thoughts.
>>
>> My understanding of that is that it will result only in dropping mail
>> which lacks a DKIM signature but the supposed source domain's DNS
>> record says that it should be signed and that unsigned mail should be
>> discarded. Do you really see that much traffic meeting those
>> conditions?
>
> Looking at the particular resources involved it wouldn't have stopped
> the apple.com mail from arriving; they don't specify to drop unsigned
> email! So it wouldn't have even helped here. :-/
>
> Still, it's led me to the desire to upgrade code to a newer OS (it's
> 2-1/2 years out of date). My plan is to work on that over the Xmas/New
> Years holiday breaks. I've got 5 blocks of 2-day breaks between the
> 20th and 6th where I plan to install a new system and hopefully migrate
> the existing code services.
OK, as long as there aren't any interruptions until after the 2.6 release!
Regards,
John Ralls
More information about the gnucash-devel
mailing list