Re: [exim] dkim=fail (body hash mismatch; body probably mod…

Top Page
Delete this message
Reply to this message
Author: Victor Sudakov
Date:  
To: exim-users
Subject: Re: [exim] dkim=fail (body hash mismatch; body probably modified in transit)
Jeremy Harris via Exim-users wrote:
> On 12/12/2022 09:21, Victor Sudakov via Exim-users wrote:
> > acl_check_dkim:
> >     accept add_header      = :at_start:${authresults {$primary_hostname}}

>
> It's generally better to use ${authresults } in the data ACL, so that it
> can pick up other results even when the message wasn't DKIM-signed.
> Also, the DKIM ACL can get called more than once (when there are multiple
> signatures in a message) which would, with the header added here,
> give you multiple results headers -
> and can *modify* the result for a signature (yours doesn't, obviously).


So I just leave acl_check_dkim with a single "accept" and move the
"add_header" to the data ACL? Or do I omit the acl_check_dkim
altogether?


--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet