On 6/25/05, Arkadiusz Miskiewicz <arekm@???> wrote:
> It seems that DomainKeys isn't really usable as no one uses signall = 1 and
> denying messages when signall=0 is risky if I understand meaning of signall
> correctly.
> Is there any point in using DK now?
It's still in testing everywhere...but that's a heck of an ACL. This
is what I use in the DATA ACL:
### Domainkeys
# log
warn
logwrite = $dk_result
# most restrictive..deny if domain signs all
deny
message = DomainKey failed ($dk_status)
dk_policy = signsall
!dk_status = good
# deny for bad/revoke sig, but not if testing
deny
message = DomainKey failed ($dk_status)
!dk_policy = testing
dk_status = bad:revoked
# log to email
warn
message = DomainKey-Status: $dk_status
### end domainkeys
You're technically supposed to add the DomainKey-Status header at the
top, but I'm too lazy to read section 10 of the docs :)
Sam
