Mike Cardwell wrote:
> Just trying to get my head around how to do dkim verification. When
> doing the ${lookup dkim{}} are you supposed to use the domain from the
> From: header? Ie, would this be sane:
>
>
> deny set acl_m1 = ${lookup dkim{${lc:${domain:$h_from:}}}}
> condition = ${if eq{$acl_m1}{bad}}
> message = Bad DKIM signature
>
> I'm not asking whether or not it is sane to block an email with a bad
> signature, I'm asking whether or not that method of looking up the
> validity of a signature is correct?
>
> On the example at http://wiki.exim.org/DKIM it says to use "${lookup
> dkim{domain.example}}" but doesn't explain what you're supposed to
> replace domain.example with.
I'm using the following:
warn message = DomainKey-Status: ${lookup dkim{$sender_address_domain}}
add_header = X-Exim-DKIM-Status: ${lookup dkim{$sender_address_domain}}
It's not perfect, in fact seems to add an extra header like this:
X-Exim-DKIM-Status: unsigned
DomainKey-Status: unsigned
But it answers your question about what to use as parameter.
--
René Berber
