Heiko Schlittermann via Exim-users wrote on 04/12/17 13:40:
> From RFC 6376
>
> [....]
> However, if we're liberal in what we accept, we should be able to
> filter-out non-DKIM records. That's what my simple patch does.
From the same RFC:
6.1.2. Get the Public Key
[...]
... The Verifier MUST validate the key record and MUST
ignore any public-key records that are malformed.
NOTE: The use of a wildcard TXT RR that covers a queried DKIM
domain name will produce a response to a DKIM query that is
unlikely to be a valid DKIM key record. This problem is not
specific to DKIM and applies to many other types of queries.
Client software that processes DNS responses needs to take this
problem into account.
I think your patch does exactly that;-)
Greetings,
Wolfgang
--
Wolfgang Breyha <wbreyha@???> |
http://www.blafasel.at/
Vienna University Computer Center | Austria
