Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] SPF and DKIM error processing when receiving emails
On 06/11/2020 18:00, Chris Siebenmann via Exim-users wrote: > One thing to be aware of when writing DKIM related rules is that
> it's quite possible (and in some environments routine) for legitimate
> incoming email to have multiple DKIM signatures, some of which fail to
> validate and some of which do validate. One can be unhappy about this,
> but places like Microsoft Outlook365 don't care about our feelings.
>
> (We have actually seen this happen on inbound messages from Microsoft
> Teams that transited through hosted Office365 email before reaching us;
> the Teams DKIM signature was invalid, the hosted O365 DKIM signature was
> valid. Since Microsoft Teams falls under the microsoft.com domain and
> microsoft.com advertises a strong DMARC policy, this caused a certain
> amount of heartburn.)
To handle this, I think you'd have to *not* do anything but accept
in the DKIM acl, and then evaluate the list of results gathered in
$dkim_verify_status as visible to the DATA acl.
--
Cheers,
Jeremy
