[exim-dev] [Bug 959] New DKIM variables which contains the f…

Author: Ralf van der enden
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 959] New DKIM variables which contains the flags from the policy record
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=959




--- Comment #4 from Ralf van der enden <tremere@???> 2010-01-28 14:29:07 ---
> To me, you need two things for ADSP: Check all required signers, not
> just those contained in signatures:
>
> dkim_verify_signers = ${map{${addresses:$h_from:}}{${domain:$item}}}:$dkim_signers
>


I agree. I had changed my dkim_verify_signers to the following:
    dkim_verify_signers =    $sender_address_domain:$dkim_signers


> And check the ADSP record:
>
>   condition = ${if eq {$dkim_key_testing}{1} {false} {true}}
>   dkim_status = none:invalid:fail
>   condition = ${if match {${lookup dnsdb{txt=_adsp._domainkey.$dkim_cur_signer}}} {^dkim[    ]*=[    ]*discardable} {true} {false}}
>
> The second is just an idea, and may be wrong, because it does not
> look too complex. ;)
>


I believe exim (pdkim) should check if a policy record exists and return the
result of that in a variable. Besides, if a mail is unsigned, $dkim_key_testing
is undefined. Also, when the i=xxxx tag is used in the header, $dkim_cur_signer
can contain an address instead of just a domain, which results in a bogus dnsdb
lookup.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
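
The two problems raised in this comment (a signer identity that is an address rather than a bare domain, and matching the ADSP TXT record) sketched in Python as an added example. It is not Exim or pdkim code: the function names are hypothetical, the sample inputs in the comments are constructed, and the record grammar is assumed from RFC 5617.

```python
import re

# Assumed from RFC 5617: "dkim" [WSP] "=" [WSP] practice, then optional
# ";"-separated extension tags. Anchored at both ends so that a value
# such as "discardablefoo" is not taken for "discardable".
_ADSP_RE = re.compile(r"^dkim[ \t]*=[ \t]*([A-Za-z0-9-]+)[ \t]*(?:;.*)?$",
                      re.IGNORECASE)
_KNOWN_PRACTICES = {"unknown", "all", "discardable"}
_DOMAIN_RE = re.compile(r"[a-z0-9_-]+(\.[a-z0-9_-]+)+")


def signer_domain(signer):
    """Reduce a signer identity to a bare domain.

    Accepts a d= style domain ("example.com") or an i= style identity
    ("user@example.com", "@example.com") and returns only the domain part.
    """
    domain = signer.rsplit("@", 1)[-1].strip().rstrip(".").lower()
    if not _DOMAIN_RE.fullmatch(domain):
        raise ValueError("not a usable signer domain: %r" % signer)
    return domain


def adsp_query_name(signer):
    """Name to query for the ADSP TXT record of a signer identity."""
    return "_adsp._domainkey." + signer_domain(signer)


def adsp_practice(txt_records):
    """Return the published practice, or None if no ADSP record is present.

    txt_records is the list of TXT strings returned for adsp_query_name().
    Unrecognised practice values map to "unknown" (assumption: RFC 5617
    treats any other value as "unknown").
    """
    for record in txt_records:
        match = _ADSP_RE.match(record.strip())
        if match:
            value = match.group(1).lower()
            return value if value in _KNOWN_PRACTICES else "unknown"
    return None
```

Returning `None` separately from `"unknown"` keeps "no policy record exists" distinguishable from "a record exists but asserts nothing", which is the result the comment asks to have exposed in a variable.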