0

We have developers who like to do things their own way, regardless of advice given. One of these is to send emails with completely bogus sender-addresses

I'd like to get OpenDKIM to reject or drop emails that it can't sign - is this possible?

Jan  4 21:30:25 smtp2 opendkim: 12345: no signing table match for 'accounts@trendyhostname.co'
Jan  4 21:30:25 smtp2 opendkim: 12345: no signature data

There are no configuration options that seem relevant other than SendReports yes which generates a new email back to the sender while continuing to send the unsigned original.

I've explored Canonicalization but that's unrelated.

Question: Can OpenDKIM stop delivery of an email that it can't sign ?

Criggie
  • 2,320
  • 14
  • 27
  • The best I can get is for sendmail to reject an email if opendkim is not running, by following https://www.ibm.com/docs/en/aix/7.2?topic=api-sendmail-filter-configurations and appending a , F=R in the S= section. This isn't what I wanted. – Criggie Jan 11 '24 at 23:08
  • 2
    It's not the job of the DKIM signer to stop mails from being sent, that's the job of the MTA. If you are using sendmail, sendmail is the right place to reject the mails. – Gerald Schneider Jan 15 '24 at 06:09
  • @GeraldSchneider excellent point - I've been going at this the wrong way. Could you post that as an answer so this can have a target for closure ? – Criggie Jan 15 '24 at 10:24

1 Answers1

1

the only job of the DKIM signer (in your case OpenDKIM) is to sign outgoing emails with the configured signign keys. It is not responsible for transporting the mails, that is the job of your installed mail transport agent (MTA).

If you are using sendmail, sendmail needs to be configured to accept only authenticated connections and reject mails from connections that are not authenticated.

Gerald Schneider
  • 25,025
  • 8
  • 61
  • 90
  • Thank you for refocusing me on the real problem - I was clearly distracted by OpenDKIM's warning messages, when the MTA is what needs to do the hard work here. – Criggie Jan 15 '24 at 10:31