On 30/04/2012 23:37, Wolfgang Breyha wrote:
On 2012-04-30 09:18, Robert Wysocki wrote:
Thanks for the conditions, but if I read the documentation right,
acl_smtp_dkim is evaluated based on envelope-from, so including this
condition won't do me any good.
Which part of the documentation are you referring to?
Reading
http://www.exim.org/exim-html-current/doc/html/spec_html/ch54.html
2. Verifying DKIM signatures in incoming mail
clearly says:
"The global option dkim_verify_signers can be set to a colon-separated list
of DKIM domains or identities for which the ACL acl_smtp_dkim is called."
So...
For example when I have a mail:
From [email protected]
.
.
.
From:<[email protected]>
and I have:
dkim_verify_signers = mydomain.tld:$dkim_signer
... acl_smtp_dkim will be called for every domain you include in
dkim_verify_signers. mydomain.tld, too. And if you include spammydomain.tld
it will be checked, too.
Neither From: nor the envelope_from are automatically included in
dkim_verify_signers. It defaults to:
dkim_verify_signers = $dkim_signers
$dkim_signers is the list of domains found in DKIM signatures.
acl_smtp_dkim won't be called for this message (since spammydomain.tld
isn't included in dkim_verify_signers) and the condition you provided
won't be checked.
acl_smtp_dkim is called for each domain in dkim_verify_signers. My
condition checks for the From:. Since mydomain.tld, the From: domain, is
included, it will trigger.
Wolfgang
Which is why I have a database of "known signers" that I check first
(strict checking) and then I apply a looser set of heuristics to the rest.
For me the real problem is DKIM signed messages lists that may re-sign
the message and cause confusion.
Mike
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
