Filed bug:
https://bugs.exim.org/show_bug.cgi?id=2236
Torsten
On 2/8/18 10:27 AM, Jeremy Harris wrote:
> On 08/02/18 07:03, Torsten Tributh via Exim-users wrote:
>> Postmasters might be interested in the newly issued RFC:
>>
>> https://www.rfc-editor.org/rfc/rfc8301.txt
>>
>> To start following this RFC with
>> Section 3.1. Signing and Verification Algorithms
>>
>>
>> I started using the sample from:
>>
>> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
>>
>>
>> In my config now:
>>
>> dmarc_history_file = /somewhere/dmarc_history.txt
>>
>> warn condition = ${if eq {$dkim_algo}{rsa-sha1}}
>> condition = ${if eq {$dkim_verify_status}{pass}}
>> logwrite = NOTE: forcing dkim verify fail (was pass)
>> set dkim_verify_status = fail
>> set dkim_verify_reason = hash too weak
>>
>> I guessed that after changing the dkim_verify_status the DMARC status
>> will also change and that later in the dmarc_history_file
>> will be some DKIM failed informations.
>
> I assume you've observed a sample resulting in that log line?
>
>> I would like to use the change of DKIM to fail and inform postmasters
>> about that with the generated DMARC reports, but i can't find any fail
>> in there.
>
> I've not tried running the (experimental) DMARC code. Nobody ever cared
> enough to create testcases in the testsuite, either...
>
> If you can put together an example that fails, it would be helpful to
> open a bug with it. At least it'll be documented then.
>
--
Torsten
