The fault is with the rfc. Tis to vague on various points. Such as third party senders.
To my mind DKIM will go the same way as SPF. There needs to be a better policy introduced for controlling spam.
The death penalty comes to mind;-)
David
On Mon, 30 Mar 2009 15:33:39 -0700, Phil Pennock <exim-users@???> wrote:
> On 2009-03-30 at 16:56 +0100, Mike Cardwell wrote:
>> Tom Kistner wrote:
>>
>> >> There are a number of known issues with Exim's current (experimental)
>> >> DKIM support; Tom Kistner has been working on a complete overhaul,
>> >> replacing the use of libdkim with self-contained DKIM support,
> designed
>> >> for Exim. I'm eagerly awaiting the results of his work. :)
>> >
>> > I just finished wrapping the pure DKIM stuff into a library
>> > (http://duncanthrax.net/pdkim/). Now I'll change the Exim
>> > implementation. Verification will be done with a new ACL
> (acl_smtp_dkim)
>> > that is called once per present DKIM-Signature. Signing will be
> unchanged.
>> >
>> > I think when this is in we should finally release a 4.70 ...
>>
>> So acl_smtp_dkim wouldn't be called if there was no signature? But, you
>> still might want to validate even if there is no signature. The DNS
>> policy for the domain might state that the email *must* be signed. I
>> don't see how this would work...?
>
> At a guess: you set an ACL variable in the acl_smtp_dkim variable and
> test for the variable in acl_smtp_data ? Sender signing policy is
> independent of signature verification. (There have been enough holy
> wars on this topic already though)
>
> -Phil
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
