Larry Rosenman wrote:
> On Sun, November 15, 2009 6:14 pm, W B Hacker wrote:
>> Larry Rosenman wrote:
>>> Greetings,
>>> I just upgraded to 4.70 (FreeBSD port), and was trying(!) to use the
>>> acl_smtp_dkim ACL, but got mail with NO DKIM headers rejected with the
>>> following ACL:
>>>
>>> acl_check_dkim:
>>> warn log_message = GMail sender without DKIM signature
>>> sender_domains = gmail.com
>>> dkim_signers = gmail.com
>>> dkim_status = none
>>> deny message = Message from Paypal with invalid or missing signature
>>> sender_domains = paypal.com:paypal.de
>>> dkim_signers = paypal.com:paypal.de
>>> dkim_status = none:invalid:fail
>>> accept
>>>
>>> so, I'm wondering if there are any examples of the new ACL?
>>>
>>> Also, I'm looking for a way to drop the DKIM status into a header for
>>> all
>>> mail that has DKIM headers.
>>>
>>> Thanks!
>>>
>>>
>>>
>> "... with NO DKIM headers rejected"
>>
>> deny ....
>> ..
>> ..
>> dkim_status = none ........
>>
>> Why would you expect otherwise?
>>
>> ;-)
>
> I'm still confused why the bare accept didn't.....
>
>
It had no chance to .....
An 'accept' may be over-ruled by a later 'deny'.
But a 'deny' is final.. the smtp session is closed before it reaches any
subsequent test or 'accept' verb.
Change your 'deny' to a 'warn' and add clause-specific logging while you sort
the logic to suit your needs (probably need two separate tests ELSE a 'warn'
with some sort of 'score' in an acl_c that is handled later).
HTH,
Bill