Has anybody tried to make qmail sign bounce messages? I tried
setting the DKSIGN and QMAILQUEUE variables in my qmail-send startup
script. That worked; bounce messages got signed. Unfortunately, it
caused legitimate messages to get bounced (but at least the bounces
were signed). The problem seemed to occur with messages that were
forwarded or delivered via an alias. They were bounced with a
message saying:

    Unable to forward message: mail server permanently rejected message
    (#5.3.0).

I'm not sure exactly what the problem is, but I'm guessing that for
some reason when qmail-dk gets invoked for the message's second trip
through the queue, it gets upset about something.
I know it's better to reject messages at the SMTP level instead of
bouncing them whenever possible, and that's how I do most of my spam
control (validrcptto patch, RBLs, SpamAssassin invoked via simscan,
etc.), but there are still some messages that get through that level
and need to get bounced. For example, ezmlm will bounce messages
that can't/shouldn't be delivered to a list for some reason. Since I
can't eliminate all bounces, I'd like to sign the ones I do generate.