On 29/03/07, Marc Perkel <[EMAIL PROTECTED]> wrote: > I think what I'm looking for is to use domain keys to reject paypal > phishing and pther phishing of banks in particular. I found SPF to be > less that worthless and I'm hoping that domain keys are at least > somewhat useful. > > So if my goal is to get rid of at least most paypal phishing with no > false positives, will domain keys do that? If so - does someone have > some sample ACLs to share?
You should certainly give it a go. Here's something to get you started.... In a rcpt acl: warn control=dk_verify (this tells Exim to verify the DK signature of this message - you can put conditions round it if you don't want to verify all messages) and in a data acl: deny !dk_status = good dk_sender_domains = +strict_dk_domains Set up strict_dk_domains with a list of all domains for which you want to reject unless they pass DK. As always, I suggest setting up passive checking + logging for your target domains as a first step, and only moving to deny when you're confident that it's behaving. Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
