------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=959 --- Comment #4 from Ralf van der enden <[email protected]> 2010-01-28 14:29:07 --- > To me, you need two things for ADSP: Check all required signers, not > just those contained in signatures: > > dkim_verify_signers = > ${map{${addresses:$h_from:}}{${domain:$item}}}:$dkim_signers > I agree. I had changed my dkim_verify_signers to the following: dkim_verify_signers = $sender_address_domain:$dkim_signers > And check the ADSP record: > > condition = ${if eq {$dkim_key_testing}{1} {false} {true}} > dkim_status = none:invalid:fail > condition = ${if match {${lookup > dnsdb{txt=_adsp._domainkey.$dkim_cur_signer}}} {^dkim[ ]*=[ > ]*discardable} {true} {false}} > > The second is just an idea, and may be wrong, because it does not > look too complex. ;) > I believe exim (pdkim) should check if a policy record exists and return the result of that in a variable. Besides. If a mail is unsigned, $dkim_key_testing is undefined. Also, when the i=xxxx tag is used in the header, $dkim_cur_signer can contain an address instead of just a domain which results in a bogus dnsdb lookup. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
