Hi! The current dkim implementation adds the d= parameter and the i= parameter to the list of $dkim_signers. Both are added as found. That leads to a mix of domains with an @ in front as found in i= and domains without the @ as found in d=. RFC says that if i= missing @d= should be used.
In case that a sig contains [email protected] and d=domain.tld both are added and the acl is run twice for the "same" entry. I think d= should always be added with @ prefix to $dkim_signers. Exim does the rest already not running duplicate entries twice. Maybe the documentation should contain a note that domains should always be prefixed with @ if added manually to dkim_verify_signers. Greetings, Wolfgang -- Wolfgang Breyha <[email protected]> | http://www.blafasel.at/ Vienna University Computer Center | Austria -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
