Track tainted data and refuse to expand it
[users/jgh/exim.git] / test / confs / 4500
1 # Exim test configuration 4500
2
3 SERVER=
4
5 .include DIR/aux-var/std_conf_prefix
6
7 primary_hostname = myhost.test.ex
8
9 # ----- Main settings -----
10
11 acl_smtp_rcpt = accept
12 acl_smtp_dkim = check_dkim
13 acl_smtp_data = check_data
14
15 log_selector = +dkim_verbose
16
17 queue_only
18 queue_run_in_order
19
20
21 begin acl
22
23 check_dkim:
24 .ifdef BAD
25   warn  logwrite =      ${lookup dnsdb{defer_never,txt=_adsp._domainkey.$dkim_cur_signer}{$value}{unknown}}
26 .endif
27 .ifdef OPTION
28   warn  condition =     ${if eq {$dkim_algo}{rsa-sha1}}
29         condition =     ${if eq {$dkim_verify_status}{pass}}
30         logwrite =      NOTE: forcing dkim verify fail (was pass)
31         set dkim_verify_status = fail
32         set dkim_verify_reason = hash too weak
33 .endif
34   warn
35         logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
36 .ifndef STRICT
37   accept
38 .endif
39
40 check_data:
41   accept logwrite = ${authresults {$primary_hostname}}
42
43 # End