[exim] DKIM verification

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Todd Lyons
Data:  
Para: Exim Users ML
Assunto: [exim] DKIM verification
Over the past day I've been working through the setup of domainkeys
and dkim. DK was fairly easy to set up and test. DKIM took a bit
more work. The difference in use and configuration between the two
was a suprise, but they both work and work well.

The issue that I'm having right now is that I only want to add the
DKIM header if it's signed. It's easy with DK because there is a
variable $dk_is_signed that allows a quick condition check in that ACL
block. DKIM doesn't have a similar variable,, instead it requires a
direct lookup, so I need to check the actual output of that lookup,
but my check isn't working.

Here is what I'm doing, please tell me what can be done to fix the
last condition statement:

Global:
DKIM_DOMAIN = ${lc:${domain:$h_from:}}

ACL to check recipient:
  warn    !authenticated = *
          !hosts         = +relay_from_hosts
          control        = dkim_verify
          control        = dk_verify


ACL to check data:
# Log libdomainkeys version always, results if signed
  warn    add_header     = :at_start:X-DomainKeys: Exim 4.69
libdomainkeys 0.69 $primary_hostname
          condition      = ${if eq{$dk_is_signed}{1} {true}{false} }
          add_header     = :at_start:Authentication-Results:
$primary_hostname; domainkeys=$dk_status; header.sender=$dk_sender
          log_message    = $dk_result


# Log libdkim version always, results if signed
  warn    add_header     = :at_start:X-DKIM: Exim 4.69 libdkim 1.0.17
$primary_hostname
          log_message    = DKIM results for DKIM_DOMAIN: ${lookup
dkim{DKIM_DOMAIN}}
          condition      = ${if match{${lookup
dkim{DKIM_DOMAIN}}{unsigned}{false}{true} }
          add_header     = :at_start:Authentication-Results:
$primary_hostname; dkim=${lookup dkim{DKIM_DOMAIN}},
header.i=@DKIM_DOMAIN



If I comment out the condition statement, it works properly. What I
want to do is only add the Authentication-Results header if the result
of the lookup is not "unsigned".

-- 
Regards...      Todd
All truth passes through three stages. First, it is ridiculed. Second,
it is violently opposed. Third, it is accepted as being self-evident.