Having opendkim reject unsigned email from domains with adsp dkim=all

From: Benoit Panizzon <panizzon_at_woody.ch>
Date: Fri, 2 Nov 2012 14:58:51 +0100

Hey out there

Using Version: 2.0.1+dfsg-1 (debian 6.0.5)

Probably I have configured something wrongly...

mail._domainkey.woody.ch descriptive text "v=DKIM1\; g=*\; k=rsa\;

_adsp._domainkey.woody.ch descriptive text "dkim=all\;"

Now I would like to have other DKIM users (or my server) reject all emails
with 'fake' sender _at_woody.ch which are not signed. I assumed this was the
default behavior.

ADSPDiscard yes
LogWhy yes
On-BadSignature r
On-KeyNotFound r
#On-NoSignature r

With above settings, those emails don't get rejected, I just get a header

Authentication-Results: magma.woody.ch; dkim=none (no signature);
        dkim-adsp=fail (insecure policy)

If I enable On-NoSignature than all unsigned email, even those who don't use
dkim at all, get rejected by the milter, not what I want either :-)

So what am I doing wrong?

SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can
Tastes fine, saves time. / If you want something grand, / Ask for SPAM!
  - Hormel's 1937 jingle for SPAM
Hippopotomonstrosesquippedaliophobia sh: http://en.wikipedia.org/wiki/-phobia
Received on Fri Nov 02 2012 - 13:59:08 PST

This archive was generated by hypermail 2.3.0 : Fri Nov 02 2012 - 14:09:01 PST