I'm experimenting with the DK ACL support, and seeing interesting results. I'm not (yet) signing any outgoing mail, but I want to use DK verification to support whitelisting of known problematic sending domains - notably yahoogroups.com, which reacts badly to greylisting and false positives.
I'm verifying DK on most incoming messages that get past the header checks - that part is working OK. I'm logging DK verification results so that I can see what is signed, what isn't, what verifies OK, what doesn't. I'm seeing a good mix, all seems to be functioning. However my initial desire to use this to whitelist yahoogroups.com is failing because a good proportion of mail from them is reported as 'bad' - the DK verification fails. I'm wondering if this is dodgy signing from Yahoo, or something going awry in the DK support in Exim, or in libdomainkeys. Before I head down the dragon-infested route elswhere - is anyone else using DK verification in Exim with any success, for this or any other use case? (Oh, and 'domainkeys yahoogroups' is very difficult to Google for... try it....) Exim 4.63, libdomainkeys 0.68, all on Linux FC6. An extract from the DATA ACL: warn !dk_status = no signature message = DomainKey-Status: $dk_status log_message = DOMAINKEYS: $dk_status for $dk_sender_domain accept dk_status = good dk_sender_domains = +dk_whitelist_domains logwrite = DOMAINKEYS: Whitelisted for $dk_sender_domain warn dk_status = good logwrite = DOMAINKEYS: Good sig but no whitelist for $dk_sender_domain warn !dk_status = good dk_sender_domains = +dk_whitelist_domains logwrite = DOMAINKEYS: Whitelisted domain but status $dk_status for $dk_sender_domain Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
