A rare piece of spam was able to get through my Exim-based defenses. It was DKIM signed, and the log entries from when it was received look like this:

2018-07-13 15:46:16 1fe6pM-0007WY-7X PDKIM: d=wallstreetinsider.org s=mail [failed key import]
2018-07-13 15:46:16 1fe6pM-0007WY-7X <= [email protected] H=mail2.wallstreetinsider.org [139.99.102.117]:48086 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=3826 id=5uCA1Amsmymlao3vrJH2X4YXb3UbMQekyO3UkbDZ4@localhost

Is there a way to have an ACL deny rule specifically for this failure mode? Not necessarily in acl_smtp_dkim, maybe in a generic ACL based on the key not being available in DNS?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
