[exim] DKIM $dkim_signers

Top Page
Delete this message
Reply to this message
Author: Wolfgang Breyha
Date:  
To: exim-users
Subject: [exim] DKIM $dkim_signers
Hi!

The current dkim implementation adds the d= parameter and the i= parameter to
the list of $dkim_signers. Both are added as found. That leads to a mix of
domains with an @ in front as found in i= and domains without the @ as found
in d=. RFC says that if i= missing @d= should be used.

In case that a sig contains
i=@domain.tld
and
d=domain.tld
both are added and the acl is run twice for the "same" entry.

I think d= should always be added with @ prefix to $dkim_signers. Exim does
the rest already not running duplicate entries twice. Maybe the documentation
should contain a note that domains should always be prefixed with @ if added
manually to dkim_verify_signers.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria