Re: [exim] DKIM verification and envelope-from

Góra strony
Delete this message
Reply to this message
Autor: Robert Wysocki
Data:  
Dla: exim-users
Temat: Re: [exim] DKIM verification and envelope-from
Dnia 2012-04-27, pią o godzinie 21:20 +0200, Wolfgang Breyha pisze:
> On 2012-04-27 20:29, Robert Wysocki wrote:
> > Dnia 2012-04-27, pią o godzinie 14:41 +0100, Michael J. Tubby B.Sc G8TIC
> > pisze:
> >>          deny    sender_domains = +dkim_known_signers

> >
> > And that's my point - as far as I know sender_domains is taken from
> > envelope not from From: header. Hence when From: headers' content is
> > spoofed but envelope-sender is not, signature won't be checked even if
> > From: is in dkim_known_signers list.
>
> Then use something like
> condition = ${if match_domain{${domain:$h_from:}}{+dkim_known_signers}\
>                {yes}{no}}
> instead?


Thanks for the conditions, but if I read the documentation right,
acl_smtp_dkim is evaluated based on envelope-from, so including this
condition won't do me any good.

For example when I have a mail:

>From somebogusaddress@???

.
.
.
From: <somename@???>

and I have:

dkim_verify_signers = mydomain.tld:$dkim_signer

acl_smtp_dkim won't be called for this message (since spammydomain.tld
isn't included in dkim_verify_signers) and the condition you provided
won't be checked.

I'm looking for a way to check dkim signatures also for this kind of
spam.

Regards,
--
Robert Wysocki
administrator systemów linuksowych
CONTIUM S.A., http://www.contium.pl