Hi,
I use actually Exim 4.90 with DKIM patch.
It is a good idea to check for v=DKIM1 in the TXT record, but it has now
also some disadvantages.
For domains where they have several TXT records in place it is good to
match for v=DKIM1 to use only the DKIM record, but
to use v=DKIM1 is only RECOMMENDED.
See RFC6376 Chapter 3.6.1
The only REQUIRED tag is p=
Actually the DKIM check is no longer working for example with amazonses.com
from the exim-log:
...DKIM: d=amazonses.com s=shh3fegwg5fppqsuzphvschd53n6ihuv
c=relaxed/simple a=rsa-sha256 b=1024 t=1515931975 [invalid - public key
record (currently?) unavailable]
If you check by hand, you see:
dig TXT +short shh3fegwg5fppqsuzphvschd53n6ihuv._domainkey.amazonses.com
shh3fegwg5fppqsuzphvschd53n6ihuv.dkim.amazonses.com.
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCR1ASUk0rJK0Udcn8ebYV42GH4ktEn+pST7FuNCuiZyjGu6mTxnBiQLTrc/zKVhbkeu2mGrP60kUiAiSOoZaRbJ5qKgLNKAIZwSGePDL0K5rJz5bPCQjruuNCHiz7uYFi55Fye5We5tzqXztHYF2E4gSnpkk32stBiQS2PTkpAMwIDAQAB"
Amazon is only using p= in their DKIM records.
We need an extra matching for that.
Kind regards
Torsten
--
Torsten
