I've got my Exim only calling prvs on local_domains now. Thanks David!
But I've run into a different problem. All signed addresses seem to be
for day 100. The hash matches, but then I'm informed that the signature
has expired.

exim -d+expand -be '${prvs {foo@???}{batv_key}}'
expanding: foo@???
result: foo@???
expanding: batv_key
result: batv_key
prvs: hash source is '0100foo@???'
expanding: ${prvs {foo@???}{batv_key}}
result: prvs=foo/0100b7cdbf@???
prvs=foo/0100b7cdbf@???

exim -d+expand -be '${prvscheck {prvs=foo/0100b7cdbf@???}{batv_key}}'
expanding: prvs=foo/0100b7cdbf@???
result: prvs=foo/0100b7cdbf@???
prvscheck localpart: foo
prvscheck key number: 0
prvscheck daystamp: 100
prvscheck hash: b7cdbf
prvscheck domain: bar.com
expanding: batv_key
result: batv_key
prvs: hash source is '0100foo@???'
prvscheck: received hash is b7cdbf
prvscheck: own hash is b7cdbf
prvscheck: signature expired, $pvrs_result unset
expanding: ${prvscheck {prvs=foo/0100b7cdbf@???}{batv_key}}
result: foo@???
foo@???
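
Added example, not part of the original post and not Exim's own code: a Python model of the tag layout visible in the debug output above (key digit, three-digit daystamp, six hex digits of hash). It shows how a tag whose daystamp is fixed at 100 can match on hash and still fail the expiry comparison. The HMAC-SHA1 hash, the 7-day lifetime, the wrap-around rule and the address foo@example.test are assumptions of this sketch.

```python
import hashlib
import hmac

LIFETIME_DAYS = 7  # assumption: tags are stamped with an expiry 7 days ahead


def daystamp(epoch_seconds, offset_days=0):
    """Three-digit day counter: days since the epoch, modulo 1000."""
    return "%03d" % ((epoch_seconds // 86400 + offset_days) % 1000)


def tag_hash(key, key_num, stamp, address):
    # Hash source uses the layout shown in the debug output: '0100foo@...'
    source = f"{key_num}{stamp}{address}".encode()
    # Assumption: HMAC-SHA1, truncated to the first three bytes (six hex digits)
    return hmac.new(key.encode(), source, hashlib.sha1).hexdigest()[:6]


def prvs_sign(address, key, now, key_num=0):
    local, domain = address.rsplit("@", 1)
    stamp = daystamp(now, LIFETIME_DAYS)
    digest = tag_hash(key, key_num, stamp, address)
    return f"prvs={local}/{key_num}{stamp}{digest}@{domain}"


def prvs_check(signed, key, now):
    """Return (address, status): 'ok', 'expired', 'badhash' or 'unsigned'."""
    left, _, domain = signed.rpartition("@")
    if not left.startswith("prvs=") or "/" not in left:
        return signed, "unsigned"
    local, _, tag = left[5:].rpartition("/")
    if len(tag) != 10 or not tag.isascii() or not tag[:4].isdigit():
        return signed, "unsigned"
    key_num, stamp, received = tag[0], tag[1:4], tag[4:]
    address = f"{local}@{domain}"
    if not hmac.compare_digest(received, tag_hash(key, key_num, stamp, address)):
        return address, "badhash"
    today, expiry = int(daystamp(now)), int(stamp)
    # A small expiry stamp seen late in the 1000-day cycle has wrapped around.
    if expiry < LIFETIME_DAYS and today >= 1000 - LIFETIME_DAYS:
        today = 0
    return address, ("ok" if expiry >= today else "expired")
```

With a daystamp fixed at 100, the check passes only while today's day counter is at or below 100, so in this model the hash still matches but the tag is reported as expired for most of each 1000-day cycle.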