Re: [exim] dkim verification

Top Page
Delete this message
Reply to this message
Author: René Berber
Date:  
To: exim-users
Subject: Re: [exim] dkim verification
Mike Cardwell wrote:

> Just trying to get my head around how to do dkim verification. When
> doing the ${lookup dkim{}} are you supposed to use the domain from the
> From: header? Ie, would this be sane:
>
>
> deny set acl_m1  = ${lookup dkim{${lc:${domain:$h_from:}}}}
>       condition   = ${if eq{$acl_m1}{bad}}
>       message     = Bad DKIM signature

>
> I'm not asking whether or not it is sane to block an email with a bad
> signature, I'm asking whether or not that method of looking up the
> validity of a signature is correct?
>
> On the example at http://wiki.exim.org/DKIM it says to use "${lookup
> dkim{domain.example}}" but doesn't explain what you're supposed to
> replace domain.example with.


I'm using the following:

warn message = DomainKey-Status: ${lookup dkim{$sender_address_domain}}
add_header = X-Exim-DKIM-Status: ${lookup dkim{$sender_address_domain}}

It's not perfect, in fact seems to add an extra header like this:

X-Exim-DKIM-Status: unsigned
DomainKey-Status: unsigned

But it answers your question about what to use as parameter.
--
René Berber