On 2011-03-05 at 13:13 -0600, René Berber wrote:
> > deny message = DKIM: Message with invalid/missing signature
> > sender_domains = gmail.com:paypal.com:ebay.com:$dkim_signers
> > dkim_status = none:invalid:fail
> Simple, isn't it?
>
> But all gmail messages are being rejected and I see contradictory log
> entries.
>
> In exim_main.log:
>
> > 2011-03-05 13:05:06 1Pvwmo-0007Mi-11 DKIM: d=gmail.com s=gamma c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
> > 2011-03-05 13:05:06 1Pvwmo-0007Mi-11 H=mail-gw0-f54.google.com [74.125.83.54] rejected DKIM : DKIM: Message with invalid/missing signature
>
> How did verification succeed and then my rule rejected the message?
How about if you add to the deny:
log_message = DKIM: $dkim_cur_signer / $dkim_domain / $dkim_key_testing / $dkim_verify_status / $dkim_verify_reason
Do you get something more useful out of $dkim_verify_reason ?