Re: [exim] domainkeys - signall = 0, no point in using DK?

Top Page
Delete this message
Reply to this message
Author: Sam Michaels
Date:  
To: Arkadiusz Miskiewicz
CC: exim-users
Subject: Re: [exim] domainkeys - signall = 0, no point in using DK?
On 6/25/05, Arkadiusz Miskiewicz <arekm@???> wrote:
> It seems that DomainKeys isn't really usable as no one uses signall = 1 and
> denying messages when signall=0 is risky if I understand meaning of signall
> correctly.
> Is there any point in using DK now?


It's still in testing everywhere...but that's a heck of an ACL. This
is what I use in the DATA ACL:

### Domainkeys

  # log
  warn
    logwrite = $dk_result


  # most restrictive..deny if domain signs all
  deny
    message = DomainKey failed ($dk_status)
    dk_policy = signsall
   !dk_status = good


  # deny for bad/revoke sig, but not if testing
  deny
    message = DomainKey failed ($dk_status)
    !dk_policy = testing
    dk_status = bad:revoked


  # log to email
  warn
    message = DomainKey-Status: $dk_status


### end domainkeys

You're technically supposed to add the DomainKey-Status header at the
top, but I'm too lazy to read section 10 of the docs :)

Sam