On 2015-02-18 at 18:19 +1100, Dean Hamstead wrote:
> However, I would now like to enable it "globally" in the sense that I
> would like exim to do a dns lookup and see if DKIM is configured for a
> given domain - and if so then take action.
>
> I have had no success and haven't been able to find a tutorial.
>
> Hopefully someone wiser can offer suggestions?

You need to figure out which domain counts; for DKIM that's normally "From:", but if you do that, then you reject every mail sent from that domain to a mailing-list which modifies body content.

The DNS record you're looking for is part of "ADSP", RFC 5617; since the selector is variable, per message, you can't use a message missing a selector to decide which DKIM record to look up, so that RFC specifies a DNS label to use for "Author Domain Signing Practices".

Enforced ADSP only really makes sense for domains which only send transactional email, unless you do a lot of custom munging and special-casing in a rule system, to track "legitimate mailing-lists", "domains publishing ADSP cluelessly", "domains with real users that might be getting broken" and then start weighting and scoring.

But if you want to try this out for yourself, to see what breaks, then it will be educational and useful; insight from pain is what leads to better solutions. :) So go for it, and the above should provide you with enough pointers to get started.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
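
The ADSP check described in the reply above, sketched as an added example that is not part of the original post and is not Exim configuration. The function names, result labels and `.example` zone data are assumptions constructed for illustration, and the DNS lookup is injected as a callable so the code runs offline.

```python
import re

# ADSP (RFC 5617) lives in a TXT record at this fixed label under the author
# (From:) domain, so no per-message DKIM selector is needed to find it.
def adsp_name(author_domain):
    return "_adsp._domainkey." + author_domain.lower().rstrip(".")

def parse_adsp(txt):
    """Return 'unknown', 'all' or 'discardable'; None if txt is not an ADSP record."""
    # The record must start with lowercase "dkim", optional whitespace, then "=".
    m = re.match(r"dkim[ \t]*=[ \t]*([^;]*)", txt)
    if not m:
        return None
    value = m.group(1).strip()
    # Unrecognised practice values are treated as "unknown".
    return value if value in ("all", "discardable") else "unknown"

def evaluate(author_domain, valid_signer_domains, lookup_txt):
    """Decide what ADSP says about one message.

    valid_signer_domains: d= domains of the DKIM signatures that verified.
    lookup_txt: callable(name) -> list of TXT strings (hypothetical resolver hook).
    """
    author = author_domain.lower().rstrip(".")
    # An author domain signature is a valid signature whose d= is the From: domain.
    if author in {d.lower().rstrip(".") for d in valid_signer_domains}:
        return "pass"
    practices = [p for p in map(parse_adsp, lookup_txt(adsp_name(author))) if p]
    if len(practices) != 1:
        return "none"  # assumption of this example: no single usable record, nothing to enforce
    return {"unknown": "unknown", "all": "fail", "discardable": "discard"}[practices[0]]

# Constructed sample zone data, for illustration only.
SAMPLE_TXT = {
    "_adsp._domainkey.bank.example": ["dkim=discardable"],
    "_adsp._domainkey.corp.example": ["dkim = all; "],
    "_adsp._domainkey.odd.example": ["v=spf1 -all"],
}

def sample_lookup(name):
    return SAMPLE_TXT.get(name, [])
```

A message from `bank.example` whose only surviving valid signature is a mailing list's (`d=list.example`) evaluates to `discard`, which is the mailing-list breakage the reply warns about.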
