On 2012-04-27 20:29, Robert Wysocki wrote:
> Dnia 2012-04-27, pią o godzinie 14:41 +0100, Michael J. Tubby B.Sc G8TIC
> pisze:
>> deny sender_domains = +dkim_known_signers
>
> And that's my point - as far as I know sender_domains is taken from
> envelope not from From: header. Hence when From: headers' content is
> spoofed but envelope-sender is not, signature won't be checked even if
> From: is in dkim_known_signers list.
Then use something like
condition = ${if match_domain{${domain:$h_from:}}{+dkim_known_signers}\
{yes}{no}}
instead?
Greetings, Wolfgang