Hi!
The current dkim implementation adds the d= parameter and the i= parameter to
the list of $dkim_signers. Both are added as found. That leads to a mix of
domains with an @ in front as found in i= and domains without the @ as found
in d=. RFC says that if i= missing @d= should be used.
In case that a sig contains
i=@domain.tld
and
d=domain.tld
both are added and the acl is run twice for the "same" entry.
I think d= should always be added with @ prefix to $dkim_signers. Exim does
the rest already not running duplicate entries twice. Maybe the documentation
should contain a note that domains should always be prefixed with @ if added
manually to dkim_verify_signers.
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> |
http://www.blafasel.at/
Vienna University Computer Center | Austria
