On Monday, 12 February 2018 10:17:43 AM AEDT AC via Exim-users wrote:
> I'm receiving a fair amount of spam that is coming through Microsoft's
> Office 365 service (spammers signing up for the one month free trial of
> Office 365).  This provides them a DKIM siguature that is valid and has
> a customized subdomain of onmicrosoft.com.    The email itself has a
> sender domain that may be entirely different and will likely change.
> 
> What I'd like to do is set up an ACL that checks the DKIM signature and
> rejects it if the domain is anything ending with onmicrosoft.com.
> 
> I tried using a deny rule in my DKIM ACL that looked at the dkim_signers
> but I got the implementation wrong because it rejected anything that had
> a DKIM validation in it no matter the domain.
> 
> deny message = DKIM from unwanted domain
> dkim_signers = *.onmicrosoft.com
> 
> How would I accomplish what I want if it's even possible?
http://exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
 has the $dkim_cur_signer and 
$dkim_domain as expansion items inside acl_smtp_dkim. You could put one of 
those in a condition, (deny condition = ...) to reject the mail.


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to