Bill,
Many thanks for that.
I rely on atrpms for my exim packages (I have had my fingers burned compiling & installing from source before - it leaves too much mess) so don't have the option to remove DKIM at compile time otherwise I would do so happily.
My configs are pretty simple mostly so don't think anything else in the config will leave me vulnerable to the dkim issue.
Thanks again,
Mike
----- Original Message -----
From: W B Hacker [
mailto:wbh@conducive.org]
Sent: Tuesday, December 11, 2012 10:25 PM
To: exim users <exim-users@???>
Subject: Re: [exim] Exim 4.80.1 security release - details
Mike Ridgers wrote:
> Dear all, Further to my last message I will attempt to distil my
> question as much as possible as I think it was perhaps not very clear
> what I was asking:
Clear enough. An answer is less so.
IF/AS/WHEN the 'fixup' were to be applied at compile-time, or in a
'MAIN' setting or toggle, it would (ordinarily) apply everywhere it was
relevant.
When you put ANYTHING into an acl, results are predictable as to DENY
class verbs, (session is GONE) but much harder to predict on any other kind.
For example - is a given acl even always TRAVERSED for all situations
and all traffic? or even the 'germane' traffic? Or might something else
in acl's cause it to not be? Or just not have the 'last word'?
Ergo, whether you need this - or anything else - in more than one place
very much depends on how (the rest of) YOUR acl's are structured and
sequenced.
As to 'vulnerability'?
I neither generate nor pay any attention WHATSEOVER to dkim. Totally
ignored here.
We see only about one spam per account per week and no rejections for
destinations for lack of dkim creds of our own.
BFD, IOW.
YMMV, of course.
Bill
--
韓家標
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
