Auteur: Marc Perkel Date: À: Peter Bowyer CC: exim users Sujet: Re: [exim] Domain Keys
Peter Bowyer wrote: > On 29/03/07, Marc Perkel <marc@???> wrote:
>
>> I think what I'm looking for is to use domain keys to reject paypal
>> phishing and pther phishing of banks in particular. I found SPF to be
>> less that worthless and I'm hoping that domain keys are at least
>> somewhat useful.
>>
>> So if my goal is to get rid of at least most paypal phishing with no
>> false positives, will domain keys do that? If so - does someone have
>> some sample ACLs to share?
>>
>
> You should certainly give it a go. Here's something to get you started....
>
> In a rcpt acl:
>
> warn control=dk_verify
>
> (this tells Exim to verify the DK signature of this message - you can
> put conditions round it if you don't want to verify all messages)
>
> and in a data acl:
>
> deny !dk_status = good
> dk_sender_domains = +strict_dk_domains
>
> Set up strict_dk_domains with a list of all domains for which you want
> to reject unless they pass DK.
>
> As always, I suggest setting up passive checking + logging for your
> target domains as a first step, and only moving to deny when you're
> confident that it's behaving.
>
> Peter
>
>
Just one quick question. Do domain keys break email forwarding the way
SPF does?