3

I'd like how where (and how) to configure amavisd-new + postfix to reject e-mails that fail DKIM verification.

In every guide and piece of documentation that I've read so far, the concern seems to be limited to signing outgoing e-mails, and not at all about specifying the appropriate action to take after verifying incoming signed e-mails, specifically when the verification has failed. One such example is this page and even the actual documentation of amavisd-new.

I've had $enable_dkim_verification = 1; in the Amavis configuration file for ages. However, every single spam message that lands in my inbox has no SPF record and is not signed with DKIM. I am the only user on my VPS and domain.

I am obviously lacking some key information about the Amavis configuration and how the program itself works. And I'd rather not have to install OpenDKIM for this specific purpose.

AbVog
  • 621

1 Answers1

0

Well, from my understanding, enabling DKIM doesn't mean that message that do not have DKIM signature will be classified as spam, it just mean that it will verify if DKIM signature that are present in message are valid, and so whitelist this message, because without DKIM signature you can not search for domain key. (look for DMARC validation instead).

dominix
  • 176