[exim-dev] [Bug 959] New DKIM variables which contains the f…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Michael Haardt
Ημερομηνία:  
Προς: exim-dev
Αντικείμενο: [exim-dev] [Bug 959] New DKIM variables which contains the flags from the policy record
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=959




--- Comment #1 from Michael Haardt <michael.haardt@???> 2010-01-28 11:18:20 ---
> It would be nice if the DKIM implementation would also retrieve the policy
> record (_domainkey.domain.tld and the _adsp._domainkey.domain.tld) when it
> exists, and place the results in $dkim_xxxx variables.
>
> That way it would be possible to deny messages that are unsigned, but policy
> states it signs all messages. I've tried doing it myself with dnsdb lookups,
> but that became way too complex.


To me, you need two things for ADSP: Check all required signers, not
just those contained in signatures:

dkim_verify_signers =
${map{${addresses:$h_from:}}{${domain:$item}}}:$dkim_signers

And check the ADSP record:

  condition = ${if eq {$dkim_key_testing}{1} {false} {true}}
  dkim_status = none:invalid:fail
  condition = ${if match {${lookup
dnsdb{txt=_adsp._domainkey.$dkim_cur_signer}}} {^dkim[    ]*=[   
]*discardable} {true} {false}}


The second is just an idea, and may be wrong, because it does not
look too complex. ;)

Of course you need to sign mails by all required signers. The patch
I offered for discussion addresses that.

Michael


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email