a check that the IP being tested is indeed on the first list. The first
domain is the one that is put in &$dnslist_domain$&. For example:
.code
-reject message = \
+deny message = \
rejected because $sender_host_address is blacklisted \
at $dnslist_domain\n$dnslist_text
dnslists = \
given several times, but because the results of the DNS lookups are cached,
the DNS calls themselves are not repeated. For example:
.code
-reject dnslists = \
+deny dnslists = \
http.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.2 : \
socks.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.3 : \
misc.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.4 : \
Note that the format
of Ed25519 keys in DNS has not yet been decided; this release supports
both of the leading candidates at this time, a future release will
-probably drop support for whichever proposal loses
+probably drop support for whichever proposal loses.
.wen
.option dkim_hash smtp string&!! sha256
This might, for instance, be done to enforce a policy restriction on
hash-method or key-size:
.code
- warn condition = ${if eq {$dkim_verify_status}{pass}}
- condition = ${if eq {$len_3:$dkim_algo}{rsa}}
- condition = ${if or {eq {$dkim_algo}{rsa-sha1}} \
- {< {$dkim_key_length}{1024}} }
- logwrite = NOTE: forcing dkim verify fail (was pass)
- set dkim_verify_status = fail
- set dkim_verify_reason = hash too weak or key too short
+ warn condition = ${if eq {$dkim_verify_status}{pass}}
+ condition = ${if eq {${length_3:$dkim_algo}}{rsa}}
+ condition = ${if or {{eq {$dkim_algo}{rsa-sha1}} \
+ {< {$dkim_key_length}{1024}}}}
+ logwrite = NOTE: forcing DKIM verify fail (was pass)
+ set dkim_verify_status = fail
+ set dkim_verify_reason = hash too weak or key too short
.endd
After all the DKIM ACL runs have completed, the value becomes a
git://git.exim.org / exim.git / blobdiff