Re: [exim] DKIM verification and envelope-from

Top Page

Reply to this message
Author: Wolfgang Breyha
Date:  
To: exim-users
Subject: Re: [exim] DKIM verification and envelope-from
On 2012-04-30 09:18, Robert Wysocki wrote:
> Thanks for the conditions, but if I read the documentation right,
> acl_smtp_dkim is evaluated based on envelope-from, so including this
> condition won't do me any good.


Which part of the documentation are you referring to?

Reading
http://www.exim.org/exim-html-current/doc/html/spec_html/ch54.html
2. Verifying DKIM signatures in incoming mail
clearly says:
"The global option dkim_verify_signers can be set to a colon-separated list
of DKIM domains or identities for which the ACL acl_smtp_dkim is called."

So...
> For example when I have a mail:
>
> From somebogusaddress@???
> .
> .
> .
> From: <somename@???>
>
> and I have:
>
> dkim_verify_signers = mydomain.tld:$dkim_signer


... acl_smtp_dkim will be called for every domain you include in
dkim_verify_signers. mydomain.tld, too. And if you include spammydomain.tld
it will be checked, too.

Neither From: nor the envelope_from are automatically included in
dkim_verify_signers. It defaults to:
dkim_verify_signers = $dkim_signers

$dkim_signers is the list of domains found in DKIM signatures.

> acl_smtp_dkim won't be called for this message (since spammydomain.tld
> isn't included in dkim_verify_signers) and the condition you provided
> won't be checked.


acl_smtp_dkim is called for each domain in dkim_verify_signers. My
condition checks for the From:. Since mydomain.tld, the From: domain, is
included, it will trigger.

Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria