Author: John Jetmore Date: To: Exim Users Subject: Re: [exim] Question on DKIM
On Thu, Jun 3, 2010 at 11:02 AM, John Jetmore <jj33@???> wrote: > This caught me off guard because I didn't intend to enable DKIM and I
> don't reference it anywhere in my config. I don't have an
> acl_smtp_dkim defined. Is this the intended behavior? It doesn't
> seem to follow the principle of least astonishment.
I read a little further in chapter 54 and I see the relevant comments
about verification being turned on by default and how to disable it.
I added the following to src/EDITME to get some more coverage:
#------------------------------------------------------------------------------
# By default Exim includes code to support DKIM (DomainKeys Identified
# Mail, RFC4871) signing and verification. Verification of signatures is
# turned on by default. See the spec for information on conditionally
# disabling it. To disable the inclusion of the entire feature, set
# DISABLE_DKIM to "yes"
# DISABLE_DKIM=yes
> Last night I got the following in my paniclog on that server:
>
> 2010-06-03 02:52:36 1OK5EC-0003AM-0q DKIM: Error while running this
> message through validation, disabling signature verification.
Back to the source of my question, is the above log a big deal? Is it
something I need to address? We actually page in response to paniclog
entries because the volume of messages is so low and typically are
actionable (out of memory, clamd unavailable, etc). I can just
whitelist this and move on, just curious if paniclog's the right place
for it, or if more info could be added to help understand the problem.