Re: [exim] RFC 8301: Cryptographic Algorithm and Key Usage U…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-users
Nouveaux-sujets: Re: [exim] 👍👍👍👎 Re: RFC 8301: Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
Sujet: Re: [exim] RFC 8301: Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
On 08/02/18 07:03, Torsten Tributh via Exim-users wrote:
> Postmasters might be interested in the newly issued RFC:
>
>   https://www.rfc-editor.org/rfc/rfc8301.txt
>
> To start following this RFC with
> Section 3.1.  Signing and Verification Algorithms
>
>
> I started using the sample from:
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
>
>
> In my config now:
>
> dmarc_history_file              = /somewhere/dmarc_history.txt
>
>   warn    condition =    ${if eq {$dkim_algo}{rsa-sha1}}
>     condition =    ${if eq {$dkim_verify_status}{pass}}
>     logwrite =    NOTE: forcing dkim verify fail (was pass)
>     set dkim_verify_status = fail
>     set dkim_verify_reason = hash too weak
>
> I guessed that after changing the dkim_verify_status the DMARC status
> will also change and that later in the dmarc_history_file
> will be some DKIM failed informations.


I assume you've observed a sample resulting in that log line?

> I would like to use the change of DKIM to fail and inform postmasters
> about that with the generated DMARC reports, but i can't find any fail
> in there.


I've not tried running the (experimental) DMARC code. Nobody ever cared
enough to create testcases in the testsuite, either...

If you can put together an example that fails, it would be helpful to
open a bug with it. At least it'll be documented then.
--
Thanks,
Jeremy