Продолжаю настройку своего почтового сервера.
В этой заметке речь пойдёт о проверке DKIM-подписей входящих сообщений с помощью Exim.
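# Register the ACL that Exim runs for DKIM verification of incoming mail
# (main configuration section).
acl_smtp_dkim = acl_check_dkim
# ...
# May be placed near the top, next to the variables used for DKIM signing.
# Domains whose signatures are always checked: the DKIM ACL is run for each
# of them on every message, whether or not the message carries their signature.
DKIM_KNOWN_SIGNERS = paypal.com : gmail.com
# The macro name must match its definition above exactly. Macros are replaced
# textually, so a misspelt name is left in the list as a literal string and the
# known signers are silently not forced.
dkim_verify_signers = $dkim_signers : DKIM_KNOWN_SIGNERS
# ...
# The ACL itself goes into the "begin acl" section.
# ...
# DKIM check. Exim calls this ACL once per signer in dkim_verify_signers;
# $dkim_cur_signer holds the signer being evaluated in the current run.
acl_check_dkim:
  # Mail from our own relay hosts and from authenticated clients is not checked.
  accept hosts = +relay_from_hosts
  accept authenticated = *

  # Message without a signature for the signer being checked.
  # NOTE(review): this also accepts unsigned mail that claims to come from a
  # domain in DKIM_KNOWN_SIGNERS, so listing a domain there does not by itself
  # protect against spoofing of it. Enforcing that needs an extra rule placed
  # before this one that combines sender_domains, dkim_signers and
  # dkim_status = none for those domains.
  # NOTE(review): $acl_c_* variables live for the whole SMTP connection, so on
  # a connection that carries several messages only the first one gets the
  # X-DKIM header. A message-scoped $acl_m_* variable looks like what is
  # intended - confirm that nothing else reads this flag before changing it.
  accept dkim_status = none
         condition = ${if eq {$acl_c_dkim_hdr}{1} {no}{yes}}
         set acl_c_dkim_hdr = 1
         add_header = :at_start:X-DKIM: Exim 4.71 on $primary_hostname (no dkim signature)

  # Message with a signature: add the marker header once.
  # NOTE(review): the version in the header is a hard-coded string, so it can
  # drift from the running binary, and it tells every recipient which version
  # the server claims to run.
  warn condition = ${if eq {$acl_c_dkim_hdr}{1} {no}{yes}}
       set acl_c_dkim_hdr = 1
       add_header = :at_start:X-DKIM: Exim 4.71 on $primary_hostname

  # Signature present but verification failed: reject the message.
  # NOTE(review): a single failing signature rejects the message even when
  # another signature on it verifies (forwarders and mailing lists often break
  # the original signature). RFC 6376 advises treating a failed signature like
  # a missing one; make sure rejecting here is a deliberate policy.
  deny dkim_status = fail
       message = Rejected: $dkim_verify_reason
       logwrite = X-Auth: DKIM test failed: (address=$sender_address domain=$dkim_cur_signer), signature is bad.

  # Signature present but it could not be verified (for example the public key
  # was unavailable or the signature header was unparsable): accept and record.
  # The log line no longer says "passed": nothing was verified in this case,
  # and the old wording made these entries look like successful checks.
  # NOTE(review): the header below is not in the "authserv-id; method=result"
  # form, so consumers of Authentication-Results may not parse it.
  accept dkim_status = invalid
         add_header = :at_start:Authentication-Results: $primary_hostname $dkim_cur_signer ($dkim_verify_status); $dkim_verify_reason
         logwrite = X-Auth: DKIM test inconclusive (address=$sender_address domain=$dkim_cur_signer), signature is invalid: $dkim_verify_reason

  # Signature present and verified.
  # NOTE(review): $dkim_cur_signer can be an identity (user@domain) as well as
  # a domain, in which case header.i gets a doubled "@".
  # NOTE(review): nothing in this ACL removes Authentication-Results headers
  # that arrive with the message and already name this host, so a header added
  # here cannot be told apart from a forged one by its presence alone.
  accept dkim_status = pass
         add_header = :at_start:Authentication-Results: $primary_hostname; dkim=$dkim_verify_status header.i=@$dkim_cur_signer
         logwrite = X-Auth: DKIM test passed (address=$sender_address domain=$dkim_cur_signer), good signature.

  # Anything not matched above is accepted.
  accept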