[exim] Re: How to enable incoming DKIM check, ideally in Ubu…

Etusivu
Poista viesti
Vastaa
Lähettäjä: Jeremy Harris
Päiväys:  
Vastaanottaja: exim-users
Aihe: [exim] Re: How to enable incoming DKIM check, ideally in Ubuntu/Debian?
On 25/09/2023 08:10, Cyborg via Exim-users wrote:
>
> acl_smtp_dkim = acl_check_dkim
>
> acl_check_dkim:
>
>         # skip if it's from an authenticated user
>         accept condition  = ${if eq{$authenticated_id}{} {0}{1}}
>
>         deny sender_domains = $sender_address_domain
>              dkim_signers = $sender_address_domain:$dkim_signers
>              dkim_status = none:invalid:fail
>              log_message = "DKIM: Mail from $sender_address_domain rejected with $dkim_verify_status"
>              message = "DKIM FAILED - SIGNATURE INVALID"
>
>         accept
>
> acl_check_data:
>  ...
>  deny condition = ${if eq{$h_DKIM-Signature:}{}{1}{0}}
>          condition = ${if eq{$authenticated_id}{} {1}{0}}
>          log_message = "NO DKIM-SIGNATURE found"
>          message = "NO DKIM-SIGNATURE found, but it is required by the receiver"


Overkill.


acl_smtp_mail:
   ...
   warn condition = ${if def:authenticated_id}
        control = dkim_disable_verify
   ...

acl_smtp_data:
   ...
   deny condition = ${if def:dkim_verify_status}
                    ${if !inlist {pass}{$dkim_verify_status}}
                    # remove line below to also reject non-signed messages
                    ${if !inlist {none}{$dkim_verify_status}}
-- 
Cheers,
   Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/