On 09/07/2024 08:30, Sander Smeenk via Exim-users wrote:
> HTH. Let me know if I can help test things!

Excellent.  It does help... and says there's some fixing work to do.

I think the way the coding has mutated over time lost track of the
intent of the dkim_verify_minimal option.  The current state is that
it does affect the evaluation of the signatures (hence, a "true" value
will save on crypto effort vs. multiple sigs) but does not affect the
calls to the ACL.

[ In particular, a setting for dkim_verify_signers that does not
  include all of $dkim_signers, combined with a true setting for
  dkim_verify_minimal, would not operate reliably.  Few people
  would ever do that, fortunately.
]

The docs are lacking precision, saying only

  "cease verification processing for a message once the first passing
  signature is found"

- but the Principle Of Least Astonishment says to me that running the ACL
and handling its results ought to be included.


This will be more work than is feasible for the upcoming release.
I'll start with the 4.next branch.  Can you build from git and test
any changes I might invent?
--
Cheers,
  Jeremy

