OpenDKIM, ExemptDomains and verifying mailing lists messages

From: Jim Pirzyk <>
Date: Thu, 21 Aug 2014 10:56:58 -0500


I have installed OpenDKIM 2.9.2 in Sendmail on my mail server and it is working as advertised. I have set it up to reject mail with bad signatures (i.e. "On-BadSignature reject" in my opendkim.conf file).

Hereís an example Iím having issues with: sends me mail directly, OpenDKIM validates the signature and I get it successfully.

If sends mail to a mailing list (say, the mail is rejected because of a bad signature. The mailing list software added headers and footers.

I tried adding to ExemptDomains but in my debugging the ExemptDomains really uses the domain of the DKIM signature, not the domain of the mailís From address.

The documentation implies to me it should be using the From address, not the DKIM signing domain:

       ExemptDomains (dataset)
              Specifies a set of domains, mail from which should be ignored
              entirely by the filter. This is similar to the PeerList setting
              except that it bases its decision on the sender of the message
              as identified from the header fields or other message data, not
              the identity of the SMTP client sending the message.

the sender of the message is, not I can add to the ExemptDomains but then *all* messages will be not verified. I would like to only exclude mailing list messages from verification.

Is there a way to do this or do we need a feature enhancement (DontVerifyMailFrom) ? If the latter maybe the ExemptDomains should be ExemptDKIMDomains ?


- JimP

--- _at_(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $
    __o --------------------------------------------------
(*)/ (*) I'd rather be out biking.

Received on Thu Aug 21 2014 - 15:57:19 PST

This archive was generated by hypermail 2.3.0 : Thu Aug 21 2014 - 16:00:01 PST