Re: [exim] Misconfigured DKIM whitelist?

Mon, 04 Mar 2013 11:48:13 -0800 

On 01/03/2013 14:02, Raymond Norton wrote:
I must be confused by the way my exim.conf works. I am getting DKIM rejects like this: 


2013-03-01 12:37:52 1UBUq7-0006qM-Pn H=(mail-wi0-f169.google.com) 
[209.85.212.169] rejected DKIM : REJECTED - DKIM failure: 
pubkey_unavailable
2013-03-01 12:37:55 1UBUqB-0006qn-08 H=(mail-ia0-f180.google.com) 
[209.85.210.180] rejected DKIM : REJECTED - DKIM failure: 
pubkey_unavailable



My exim.conf file has the following:

acl_check_dkim:
  accept authenticated  = *
  accept hosts          = :
  accept hosts          = +whitelisted_hosts
  deny message          = REJECTED - DKIM failure: $dkim_verify_reason
       #dkim_status      = none:invalid:fail
       dkim_status      = none:invalid
       condition        = ${if eq {$dkim_key_testing}{1} {no}{yes}}

  warn add_header       = X-DKIM: Status on $received_ip_address using 
Baruwa 2.0: dkim=$dkim_verify_status; \

                          signing_identity="$dkim_cur_signer"
  accept


+whitelisted_hosts points to the following:

 hostlist whitelisted_hosts = WHITELISTED_HOSTS


WHITELISTED_HOSTS is part of my baruwa postgres database. Google.com, 
googlemail.com and gmail.com have been added to the whitelist, yet get 
bounced for DKIM problems.

For the DKIM problem, you're saying to reject on dkim_status of none, 
which means if there is no DKIM, drop the message. Pretty sure you'd 
only want to drop on actual fail, possibly invalid..



As for the whitelist, doing a host whitelist would need to have the IP 
addresses of their mail servers. You want to check for domains.


acl_check_dkim:
  accept authenticated  = *
  accept hosts          = :
  deny message          = REJECTED - DKIM failure: $dkim_verify_reason
       !sender_domains  = google.com : googlemail.com : gmail.com
       #dkim_status      = none:invalid:fail
       dkim_status      = invalid:fail
       condition        = ${if eq {$dkim_key_testing}{1} {no}{yes}}

  warn add_header       = X-DKIM: Status on $received_ip_address using 
Baruwa 2.0: dkim=$dkim_verify_status; \

signing_identity="$dkim_cur_signer"
  accept


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to