On 25/09/2023 08:10, Cyborg via Exim-users wrote:
>
> acl_smtp_dkim = acl_check_dkim
>
> acl_check_dkim:
>
>   # skip if it's from an authenticated user
>   accept condition = ${if eq{$authenticated_id}{} {0}{1}}
>
>   deny   sender_domains = $sender_address_domain
>          dkim_signers = $sender_address_domain:$dkim_signers
>          dkim_status = none:invalid:fail
>          log_message = "DKIM: Mail from $sender_address_domain rejected with $dkim_verify_status"
>          message = "DKIM FAILED - SIGNATURE INVALID"
>
>   accept
>
> acl_check_data:
> ...
>   deny   condition = ${if eq{$h_DKIM-Signature:}{}{1}{0}}
>          condition = ${if eq{$authenticated_id}{} {1}{0}}
>          log_message = "NO DKIM-SIGNATURE found"
>          message = "NO DKIM-SIGNATURE found, but it is required by the receiver"
Overkill.

acl_smtp_mail:
...
  warn  condition = ${if def:authenticated_id}
        control = dkim_disable_verify
...
acl_smtp_data:
...
  deny  condition = ${if def:dkim_verify_status}
        condition = ${if !inlist {pass}{$dkim_verify_status}}
        # remove line below to also reject non-signed messages
        condition = ${if !inlist {none}{$dkim_verify_status}}
--
Cheers,
Jeremy