------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=959
--- Comment #4 from Ralf van der enden <tremere@???> 2010-01-28 14:29:07 ---
> To me, you need two things for ADSP: Check all required signers, not
> just those contained in signatures:
>
> dkim_verify_signers =
> ${map{${addresses:$h_from:}}{${domain:$item}}}:$dkim_signers
>
I agree. I had changed my dkim_verify_signers to the following:
dkim_verify_signers = $sender_address_domain:$dkim_signers
> And check the ADSP record:
>
> condition = ${if eq {$dkim_key_testing}{1} {false} {true}}
> dkim_status = none:invalid:fail
> condition = ${if match {${lookup
> dnsdb{txt=_adsp._domainkey.$dkim_cur_signer}}} {^dkim[ ]*=[
> ]*discardable} {true} {false}}
>
> The second is just an idea, and may be wrong, because it does not
> look too complex. ;)
>
I believe exim (pdkim) should check if a policy record exists and return the
result of that in a variable. Besides. If a mail is unsigned, $dkim_key_testing
is undefined. Also, when the i=xxxx tag is used in the header, $dkim_cur_signer
can contain an address instead of just a domain which results in a bogus dnsdb
lookup.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
