On 11/01/17 11:58, Ivo Truxa wrote:
>> The DKIM ACL is called once for each DKIM sig in the headers of a
>> message. If there isn't one, it won't be called. You'd need to
>> be making this check in your data ACL instead.
>
> That's true only if you use the following assignment in the settings:
> dkim_verify_signers = $dkim_signers
Oops, you are correct. I've added a note in the docs page on ACLs to
make that clear.
> Sounds interesting! Could you tell me how exactly? I searched the Exim documentation and checked also the C source code of respective Exim files (https://github.com/Exim/exim/blob/master/src/src/dkim.c and https://github.com/Exim/exim/tree/master/src/src/pdkim), but did not find any functions looking up the DKIM policy of the sender. Does Exim have some command for executing custom DNS lookups?
A ${lookup dnsdb... is the magic you need.
http://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECTdnsdb
--
Cheers,
Jeremy