Re: [exim] Domain Keys

Top Page
Delete this message
Reply to this message
Author: Peter Bowyer
Date:  
To: exim users
Subject: Re: [exim] Domain Keys
On 29/03/07, Marc Perkel <marc@???> wrote:
> I think what I'm looking for is to use domain keys to reject paypal
> phishing and pther phishing of banks in particular. I found SPF to be
> less that worthless and I'm hoping that domain keys are at least
> somewhat useful.
>
> So if my goal is to get rid of at least most paypal phishing with no
> false positives, will domain keys do that? If so - does someone have
> some sample ACLs to share?


You should certainly give it a go. Here's something to get you started....

In a rcpt acl:

warn control=dk_verify

(this tells Exim to verify the DK signature of this message - you can
put conditions round it if you don't want to verify all messages)

and in a data acl:

deny !dk_status = good
dk_sender_domains = +strict_dk_domains

Set up strict_dk_domains with a list of all domains for which you want
to reject unless they pass DK.

As always, I suggest setting up passive checking + logging for your
target domains as a first step, and only moving to deny when you're
confident that it's behaving.

Peter


--
Peter Bowyer
Email: peter@???