On 2011-05-05 at 19:40 +1200, Tony Meyer wrote:
> accept
> dkim_status = none
> sender_domains = KNOWN_DKIM_SIGNERS
> dkim_signers = KNOWN_DKIM_SIGNERS
> condition = ${if
> match_domain{$sender_address_domain}{$dkim_cur_signer}}
> log_message = Possible DKIM Forgery: Unsigned message from
> $sender_address_domain
> add_header = :at_start:X-DKIM: Exim $version_number on
> $primary_hostname (no dkim signature for required
> domain:$dkim_cur_signer)
> So that would mean the problem is with "${if
> match_domain{$sender_address_domain}{$dkim_cur_signer}}" then? If I
> reversed this to "${if
> match_domain{$dkim_cur_signer}{$sender_address_domain}}" would that
> then be correct? i.e. only the second item is treated as a list, so a
> leading slash in the first has no effect?
Yes. No.
You've identified the cause, but reversing the order of the items isn't
the correct fix. You basically just want to test if two strings are
equal (ignoring case), with none of the domainlist matching logic of
handling named lists, regexps, files or other list items.
condition = ${if eqi{$sender_address_domain}{$dkim_cur_signer}}
-Phil