On 2009-03-30 at 16:56 +0100, Mike Cardwell wrote:
> Tom Kistner wrote:
>
> >> There are a number of known issues with Exim's current (experimental)
> >> DKIM support; Tom Kistner has been working on a complete overhaul,
> >> replacing the use of libdkim with self-contained DKIM support, designed
> >> for Exim. I'm eagerly awaiting the results of his work. :)
> >
> > I just finished wrapping the pure DKIM stuff into a library
> > (http://duncanthrax.net/pdkim/). Now I'll change the Exim
> > implementation. Verification will be done with a new ACL (acl_smtp_dkim)
> > that is called once per present DKIM-Signature. Signing will be unchanged.
> >
> > I think when this is in we should finally release a 4.70 ...
>
> So acl_smtp_dkim wouldn't be called if there was no signature? But, you
> still might want to validate even if there is no signature. The DNS
> policy for the domain might state that the email *must* be signed. I
> don't see how this would work...?
At a guess: you set an ACL variable in the acl_smtp_dkim variable and
test for the variable in acl_smtp_data ? Sender signing policy is
independent of signature verification. (There have been enough holy
wars on this topic already though)
-Phil
