On 01/03/2013 14:02, Raymond Norton wrote:
> I must be confused by the way my exim.conf works. I am getting DKIM
> rejects like this:
>
> 2013-03-01 12:37:52 1UBUq7-0006qM-Pn H=(mail-wi0-f169.google.com)
> [209.85.212.169] rejected DKIM : REJECTED - DKIM failure:
> pubkey_unavailable
> 2013-03-01 12:37:55 1UBUqB-0006qn-08 H=(mail-ia0-f180.google.com)
> [209.85.210.180] rejected DKIM : REJECTED - DKIM failure:
> pubkey_unavailable
>
>
> My exim.conf file has the following:
>
> acl_check_dkim:
>   accept authenticated = *
>   accept hosts = :
>   accept hosts = +whitelisted_hosts
>   deny message = REJECTED - DKIM failure: $dkim_verify_reason
>        #dkim_status = none:invalid:fail
>        dkim_status = none:invalid
>        condition = ${if eq {$dkim_key_testing}{1} {no}{yes}}
>   warn add_header = X-DKIM: Status on $received_ip_address using Baruwa 2.0: dkim=$dkim_verify_status; \
>        signing_identity="$dkim_cur_signer"
>   accept
>
>
> +whitelisted_hosts points to the following:
>
> hostlist whitelisted_hosts = WHITELISTED_HOSTS
>
> WHITELISTED_HOSTS is part of my baruwa postgres database. Google.com,
> googlemail.com and gmail.com have been added to the whitelist, yet get
> bounced for DKIM problems.

For the DKIM problem, you're saying to reject on dkim_status of none,
which means if there is no DKIM, drop the message. Pretty sure you'd
only want to drop on actual fail, possibly invalid..

As for the whitelist, doing a host whitelist would need to have the IP
addresses of their mail servers. You want to check for domains.

acl_check_dkim:
  accept authenticated = *
  accept hosts = :
  deny message = REJECTED - DKIM failure: $dkim_verify_reason
       !sender_domains = google.com : googlemail.com : gmail.com
       #dkim_status = none:invalid:fail
       dkim_status = invalid:fail
       condition = ${if eq {$dkim_key_testing}{1} {no}{yes}}
  warn add_header = X-DKIM: Status on $received_ip_address using Baruwa 2.0: dkim=$dkim_verify_status; \
       signing_identity="$dkim_cur_signer"
  accept
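
Added example, not part of either poster's message: a Python script that tallies "rejected DKIM" lines from an Exim main log by $dkim_verify_reason and the dkim_status each reason belongs to, so you can see which statuses a deny rule is firing on before changing it. The sample log is constructed from the two lines quoted in the thread plus one hypothetical host (mx.example.net, 192.0.2.10), and the regex assumes the ACL message text "REJECTED - DKIM failure:" used in the configs above.

```python
import re
from collections import Counter

# Constructed sample: the two rejects quoted in the thread, unwrapped to one
# line each, plus one hypothetical sender (mx.example.net, 192.0.2.10).
SAMPLE_LOG = """\
2013-03-01 12:37:52 1UBUq7-0006qM-Pn H=(mail-wi0-f169.google.com) [209.85.212.169] rejected DKIM : REJECTED - DKIM failure: pubkey_unavailable
2013-03-01 12:37:55 1UBUqB-0006qn-08 H=(mail-ia0-f180.google.com) [209.85.210.180] rejected DKIM : REJECTED - DKIM failure: pubkey_unavailable
2013-03-01 12:40:11 1UBUsN-0006rA-2b H=mx.example.net [192.0.2.10] rejected DKIM : REJECTED - DKIM failure: bodyhash_mismatch
"""

# Exim's documented $dkim_verify_reason values and the status each implies.
REASON_STATUS = {
    "pubkey_unavailable": "invalid",
    "pubkey_syntax": "invalid",
    "bodyhash_mismatch": "fail",
    "signature_incorrect": "fail",
}

# Assumes the ACL's message text "REJECTED - DKIM failure: <reason>".
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) "
    r"H=(?P<host>\S+)(?: \([^)]*\))? \[(?P<ip>[^\]]+)\](?::\d+)? "
    r"rejected DKIM\b.*DKIM failure: (?P<reason>\w+)\s*$"
)

def parse_rejects(log_text):
    """Yield one dict per DKIM reject line; all other log lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # H=(name) is how Exim logs a HELO name it has not verified via DNS.
        rec["helo_only"] = rec["host"].startswith("(")
        rec["host"] = rec["host"].strip("()")
        rec["status"] = REASON_STATUS.get(rec["reason"], "unknown")
        yield rec

def summarize(log_text):
    """Count rejects per (dkim_status, reason) pair."""
    return Counter((r["status"], r["reason"]) for r in parse_rejects(log_text))

if __name__ == "__main__":
    for (status, reason), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  dkim_status={status:8s} reason={reason}")
```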