Quoting Ian Eiloart <[email protected]>:

> Yes. Omit the sender_domains condition, and the dkim_signers condition. Say "dkim_status = fail".

If I do that I am able to receive messages from sender domains with working DKIM configurations, but from the rest I get:

  temporarily rejected after DATA: \
  cannot test dkim_signers condition in DATA ACL

So, I would only want to run such an ACL on the condition that a _domainkey record exists in the sender domain. Is it possible to check for that?

> But, note that you might throw away messages where the signature has been broken by a mailing list. Also, note that DKIM recommends that you treat invalid signatures as if there were no signature present. Thus, DKIM is better used to whitelist good messages with trusted signing domains.

Normally you'd be right, but I'm not worried. My system would not reject such messages when they match; only warn. Instead it counts warnings in almost a dozen categories and only rejects messages when they score in three or more. I also whitelist any mailing list servers that I use.

Cheers,

Jaap

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
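
An added configuration sketch, not part of the original message or of anyone's actual setup: the `dkim_status` test placed in the DKIM ACL (`acl_smtp_dkim`), where Exim allows the DKIM conditions, with the result carried into the DATA ACL as one point of a warning score. The ACL names, the `acl_m_*` variables and the header text are assumptions; the threshold of three comes from the message above.

```exim
# Added example. ACL names, acl_m_* variables and header text are assumptions.

# --- main configuration section ---
acl_smtp_dkim = acl_check_dkim
acl_smtp_data = acl_check_data

# Call the DKIM ACL for the envelope sender's domain as well as for each
# domain that actually signed; a domain with no signature is seen with
# dkim_status "none" instead of the ACL being skipped.
dkim_verify_signers = $sender_address_domain : $dkim_signers

begin acl

acl_check_dkim:
  # dkim_status and dkim_signers are only usable in this ACL; testing them
  # in the DATA ACL produces the "cannot test ... in DATA ACL" error.
  warn    dkim_status  = fail
          set acl_m_dkim_fail = 1
          log_message  = DKIM verification failed for $dkim_cur_signer
  accept

acl_check_data:
  # One point per category, however many signatures failed.
  warn    condition    = ${if eq{$acl_m_dkim_fail}{1}}
          set acl_m_score = ${eval10:0$acl_m_score+1}
          add_header   = X-Policy-Warning: DKIM signature failed

  # Other warning categories would add to acl_m_score in the same way.

  # Reject only when three or more categories have fired.
  deny    condition    = ${if >={0$acl_m_score}{3}}
          message      = Message rejected by local policy
  accept
```

The leading `0` in the arithmetic keeps the expressions valid while `acl_m_score` is still unset, and `eval10` forces decimal interpretation of the result.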
