Peter Bowyer wrote: > On 29/03/07, Marc Perkel <[EMAIL PROTECTED]> wrote: > >> I think what I'm looking for is to use domain keys to reject paypal >> phishing and pther phishing of banks in particular. I found SPF to be >> less that worthless and I'm hoping that domain keys are at least >> somewhat useful. >> >> So if my goal is to get rid of at least most paypal phishing with no >> false positives, will domain keys do that? If so - does someone have >> some sample ACLs to share? >> > > You should certainly give it a go. Here's something to get you started.... > > In a rcpt acl: > > warn control=dk_verify > > (this tells Exim to verify the DK signature of this message - you can > put conditions round it if you don't want to verify all messages) > > and in a data acl: > > deny !dk_status = good > dk_sender_domains = +strict_dk_domains > > Set up strict_dk_domains with a list of all domains for which you want > to reject unless they pass DK. > > As always, I suggest setting up passive checking + logging for your > target domains as a first step, and only moving to deny when you're > confident that it's behaving. > > Peter > >
Just one quick question. Do domain keys break email forwarding the way SPF does? -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
