On 06/11/2020 18:00, Chris Siebenmann via Exim-users wrote:
One thing to be aware of when writing DKIM related rules is that
it's quite possible (and in some environments routine) for legitimate
incoming email to have multiple DKIM signatures, some of which fail to
validate and some of which do validate. One can be unhappy about this,
but places like Microsoft Outlook365 don't care about our feelings.
(We have actually seen this happen on inbound messages from Microsoft
Teams that transited through hosted Office365 email before reaching us;
the Teams DKIM signature was invalid, the hosted O365 DKIM signature was
valid. Since Microsoft Teams falls under the microsoft.com domain and
microsoft.com advertises a strong DMARC policy, this caused a certain
amount of heartburn.)
To handle this, I think you'd have to *not* do anything but accept
in the DKIM acl, and then evaluate the list of results gathered in
$dkim_verify_status as visible to the DATA acl.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
