http://bugs.exim.org/show_bug.cgi?id=959

--- Comment #1 from Michael Haardt <[email protected]> 2010-01-28 11:18:20 ---
> It would be nice if the DKIM implementation would also retrieve the policy
> record (_domainkey.domain.tld and the _adsp._domainkey.domain.tld) when it
> exists, and place the results in $dkim_xxxx variables.
>
> That way it would be possible to deny messages that are unsigned, but policy
> states it signs all messages. I've tried doing it myself with dnsdb lookups,
> but that became way too complex.

To me, you need two things for ADSP:

Check all required signers, not just those contained in signatures:

  dkim_verify_signers = ${map{${addresses:$h_from:}}{${domain:$item}}}:$dkim_signers

And check the ADSP record:

  condition = ${if eq {$dkim_key_testing}{1} {false} {true}}
  dkim_status = none:invalid:fail
  condition = ${if match {${lookup dnsdb{txt=_adsp._domainkey.$dkim_cur_signer}}} {^dkim[ ]*=[ ]*discardable} {true} {false}}

The second is just an idea, and may be wrong, because it does not look too
complex. ;)

Of course you need to sign mails by all required signers. The patch I
offered for discussion addresses that.

Michael
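The two steps discussed in this comment (derive the required signers from the From: header, then consult each unsigned author domain's _adsp._domainkey record) can be modelled outside Exim. The following is an added example, not part of the original message and not Exim code; the function names, the verdict strings and the sample DNS data are assumptions, and mapping "all" to a reject is a local policy choice.

```python
# Added example: ADSP decision logic, not Exim code. DNS answers are passed in
# as a dict so it runs offline; all function names here are hypothetical.
import re
from email.utils import getaddresses

ADSP_VALUES = {"unknown", "all", "discardable"}  # practices defined by RFC 5617

def author_domains(from_header):
    """Domain of every address in From:, i.e. the 'required signers'."""
    return [addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses([from_header]) if "@" in addr]

def parse_adsp(txt):
    """Return the dkim= practice of an ADSP TXT record, or 'unknown'."""
    if not txt:
        return "unknown"
    # The value must end at ';' or end of record, so a longer token such as
    # 'discardablex' is not accepted as 'discardable'.
    m = re.match(r"\s*dkim\s*=\s*([A-Za-z0-9-]+)\s*(;|$)", txt)
    value = m.group(1).lower() if m else "unknown"
    return value if value in ADSP_VALUES else "unknown"

def adsp_verdict(from_header, verified_signers, txt_records):
    """verified_signers: d= domains whose signature verified.
    txt_records: {'_adsp._domainkey.<domain>': txt}, a stand-in for DNS."""
    verified = {d.lower() for d in verified_signers}
    verdict = "accept"
    for domain in author_domains(from_header):
        if domain in verified:
            continue  # author domain signature present, ADSP not consulted
        practice = parse_adsp(txt_records.get("_adsp._domainkey." + domain))
        if practice == "discardable":
            return "discard"
        if practice == "all":
            verdict = "reject"  # assumption: local policy denies these
    return verdict

# Constructed sample records (reserved .example names)
SAMPLE_DNS = {
    "_adsp._domainkey.bank.example": "dkim = discardable",
    "_adsp._domainkey.shop.example": "dkim=all;",
}

if __name__ == "__main__":
    for hdr, signers in [("Alice <alice@bank.example>", []),
                         ("alice@bank.example", ["bank.example"]),
                         ("bob@shop.example", ["other.example"])]:
        print(hdr, signers, "->", adsp_verdict(hdr, signers, SAMPLE_DNS))
```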
