Re: [exim] Question on DKIM

Inizio della pagina
Delete this message
Reply to this message
Autore: John Jetmore
Data:  
To: Exim Users
Oggetto: Re: [exim] Question on DKIM
On Thu, Jun 3, 2010 at 11:02 AM, John Jetmore <jj33@???> wrote:
> This caught me off guard because I didn't intend to enable DKIM and I
> don't reference it anywhere in my config.  I don't have an
> acl_smtp_dkim defined.  Is this the intended behavior?  It doesn't
> seem to follow the principle of least astonishment.


I read a little further in chapter 54 and I see the relevant comments
about verification being turned on by default and how to disable it.
I added the following to src/EDITME to get some more coverage:

#------------------------------------------------------------------------------
# By default Exim includes code to support DKIM (DomainKeys Identified
# Mail, RFC4871) signing and verification. Verification of signatures is
# turned on by default. See the spec for information on conditionally
# disabling it. To disable the inclusion of the entire feature, set
# DISABLE_DKIM to "yes"

# DISABLE_DKIM=yes


> Last night I got the following in my paniclog on that server:
>
> 2010-06-03 02:52:36 1OK5EC-0003AM-0q DKIM: Error while running this
> message through validation, disabling signature verification.


Back to the source of my question, is the above log a big deal? Is it
something I need to address? We actually page in response to paniclog
entries because the volume of messages is so low and typically are
actionable (out of memory, clamd unavailable, etc). I can just
whitelist this and move on, just curious if paniclog's the right place
for it, or if more info could be added to help understand the problem.

Thanks
--John