Re: [exim] DKIM verification and envelope-from

Top Page

Reply to this message
Author: Wolfgang Breyha
To: exim-users
Subject: Re: [exim] DKIM verification and envelope-from
On 2012-04-30 09:18, Robert Wysocki wrote:
> Thanks for the conditions, but if I read the documentation right,
> acl_smtp_dkim is evaluated based on envelope-from, so including this
> condition won't do me any good.

Which part of the documentation are you referring to?

2. Verifying DKIM signatures in incoming mail
clearly says:
"The global option dkim_verify_signers can be set to a colon-separated list
of DKIM domains or identities for which the ACL acl_smtp_dkim is called."

> For example when I have a mail:
> From somebogusaddress@???
> .
> .
> .
> From: <somename@???>
> and I have:
> dkim_verify_signers = mydomain.tld:$dkim_signer

... acl_smtp_dkim will be called for every domain you include in
dkim_verify_signers. mydomain.tld, too. And if you include spammydomain.tld
it will be checked, too.

Neither From: nor the envelope_from are automatically included in
dkim_verify_signers. It defaults to:
dkim_verify_signers = $dkim_signers

$dkim_signers is the list of domains found in DKIM signatures.

> acl_smtp_dkim won't be called for this message (since spammydomain.tld
> isn't included in dkim_verify_signers) and the condition you provided
> won't be checked.

acl_smtp_dkim is called for each domain in dkim_verify_signers. My
condition checks for the From:. Since mydomain.tld, the From: domain, is
included, it will trigger.

Wolfgang Breyha <wbreyha@???> |
Vienna University Computer Center | Austria