> -----Original Message----- > From: Jeremy Harris > > On 10/01/17 13:21, Ivo Truxa wrote: > > I assume that such functionality will be added sooner or later to DKIM in > > Exim, but I needed it now, so I wrote a simple Perl > > script, and call it from the DKIM ACL. > > The DKIM ACL is called once for each DKIM sig in the headers of a > message. If there isn't one, it won't be called. You'd need to > be making this check in your data ACL instead.
That's true only if you use the following assignment in the settings: dkim_verify_signers = $dkim_signers And that is exactly why I wrote I used the following assignment instead: dkim_verify_signers = $sender_address_domain With this setting Exim calls the DKIM ACL for every sender regardless whether there is a DKIM signature in the message or not. Trust me, I watch my logs, and also tested it meticulously, so I know it works exactly as I intended, and is being called also at emails without any DKIM signature at all. If you do not believe, have a look at my logs from just a few minutes ago (stripped of dates and ID's for briefness): 12:18:01 DKIM DEBUG 01: TEST RET=pass, D=seznam.cz, SG=seznam.cz, KT=1, SUB=0, S=beta, R= 12:23:24 DKIM DEBUG 10: RJCT ERR=fail, D=empowred.com, SG=empowred.com, KT=0, SUB=0, S=emkey3, R=bodyhash_mismatch 12:25:20 DKIM DEBUG 01: TEST RET=pass, D=seznam.cz, SG=seznam.cz, KT=1, SUB=0, S=beta, R= 12:34:26 DKIM DEBUG 14: ACPT P=some/undef , D=inetprint.cz 12:38:48 DKIM DEBUG 14: ACPT P=some/undef , D=volny.cz 12:38:57 DKIM DEBUG 14: ACPT P=some/undef , D=polytradece.cz 12:39:23 DKIM DEBUG 14: ACPT P=some/undef , D=smtp.dashofer.cz 12:39:30 DKIM DEBUG 14: ACPT P=some/undef , D=polytradece.cz The records with "P=some/undef" at the bottom are exactly the results of the DKIM policy query done by the Perl script, and were called from within the DKIM ACL at messages with no DKIM signature. > Also, you can very likely duplicate all the tests you wish to do > using native Exim facilities; no need for perl. Sounds interesting! Could you tell me how exactly? I searched the Exim documentation and checked also the C source code of respective Exim files (https://github.com/Exim/exim/blob/master/src/src/dkim.c and https://github.com/Exim/exim/tree/master/src/src/pdkim), but did not find any functions looking up the DKIM policy of the sender. Does Exim have some command for executing custom DNS lookups? If so, then I missed it, but so far I did not find any such possibility so am afraid the Perl solution was the simplest. Of course, it would be better implementing it directly in C into dkim.c or into pdkim.c, but that would take more time, and would require much longer testing before it could be released. I think the Perl script is a good intermittent solution before Exim's dkim code is completed with the policy lookup. > -- > Cheers, > Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
