René Berber wrote:
>> Just trying to get my head around how to do dkim verification. When
>> doing the ${lookup dkim{}} are you supposed to use the domain from the
>> From: header? Ie, would this be sane:
>>
>>
>> deny set acl_m1 = ${lookup dkim{${lc:${domain:$h_from:}}}}
>> condition = ${if eq{$acl_m1}{bad}}
>> message = Bad DKIM signature
>>
>> I'm not asking whether or not it is sane to block an email with a bad
>> signature, I'm asking whether or not that method of looking up the
>> validity of a signature is correct?
>>
>> On the example at http://wiki.exim.org/DKIM it says to use "${lookup
>> dkim{domain.example}}" but doesn't explain what you're supposed to
>> replace domain.example with.
>
> I'm using the following:
>
> warn message = DomainKey-Status: ${lookup dkim{$sender_address_domain}}
> add_header = X-Exim-DKIM-Status: ${lookup dkim{$sender_address_domain}}
>
> It's not perfect, in fact seems to add an extra header like this:
>
> X-Exim-DKIM-Status: unsigned
> DomainKey-Status: unsigned
>
> But it answers your question about what to use as parameter.
Hmmm. I think I misunderstand something basic about DKIM then as I
thought the envelope sender didn't come into it.
Mike
