dnl
dnl поддержка DKIM
dnl
dnl запрет проверки подписи DKIM (для exim 4.70 и выше):
dnl NO			- не проводить проверку DKIM подписей
dnl YES			- проводить проверку DKIM подписей
dnl DISABLE		- запретить exim'у проводить проверку DKIM подписей
dnl define(`confDKIM_CHECK', `NO')dnl
dnl
dnl поддержка ADSP (Author Domain Signing Practices)
dnl NO			- не проводить проверку ADSP
dnl YES			- проводить проверку ADSP
dnl define(`confDKIM_CHECK_ADSP', `NO')dnl
dnl

ifelse(SECTION, `MAIN', `dnl

acl_smtp_dkim = acl_check_dkim

#dkim_verify_signers = $sender_address_domain:$dkim_signers
#dkim_verify_signers = ${if def:h_from:{${domain:$h_from:}}{$sender_address_domain}}:$dkim_signers
dkim_verify_signers = ${if def:h_From:{${domain:${sg{$h_From:}{:}{\\\\:}}}}{$sender_address_domain}}:$dkim_signers

')dnl ifelse(SECTION, `MAIN', `')

ifelse(SECTION, `ACL_CHECK_DKIM', `dnl

	warn	set acl_m_skip	= no
	warn	hosts		= +relay_from_hosts
		set acl_m_skip	= yes
	warn	authenticated	= *
		set acl_m_skip	= yes

	warn	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		dkim_status	= fail
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
		set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=fail ($dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=@$dkim_cur_signer}{i=$dkim_cur_signer}}
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')

	warn	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		dkim_status	= invalid
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
		set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=neutral ($dkim_verify_reason) header.${if eq{$dkim_identity}{}{d=@$dkim_cur_signer}{i=$dkim_cur_signer}}
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')

	warn	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		dkim_status	= pass
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
		set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=pass (good signature) header.${if eq{$dkim_identity}{}{d=@$dkim_cur_signer}{i=$dkim_cur_signer}}
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')

	warn	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		dkim_status	= none
ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `dnl
		set acl_m_auth_results = ${acl_m_auth_results};\n\tdkim=none
') dnl ifelse_strstr(confAUTH_RESULTS_ADD, `NO', `', `')


ifelse_strstr(confDKIM_CHECK_ADSP, `NO', `', `

	# set the Author Domain
	warn	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		set acl_m_author_domain = ${if def:h_From:{${domain:${sg{$h_From:}{:}{\\\\:}}}}{$sender_address_domain}}

	# check for an ADSP record (Author Domain Signing Practices)
	warn	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		condition	= ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
		set acl_m_adsp_record = ${lookup dnsdb{txt=_adsp._domainkey.$acl_m_author_domain}{$value}{\
					${lookup dnsdb{txt=_ssp._domainkey.$acl_m_author_domain}{$value}{dkim=undefined}}\
				}}
		set acl_m_adsp_record = ${sg{${extract{dkim}{$acl_m_adsp_record}}}{\N[;/]\N}{}}

	deny	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		condition	= ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
		condition	= ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}}
		dkim_status	= none
		message		= There is no DKIM signature in the message, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy
		log_message	= $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and there is no DKIM signature in the message\
				${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
				${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}

	deny	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		condition	= ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
		condition	= ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}}
		dkim_status	= invalid
		message		= The DKIM signature could not be verified due to a processing error, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy
		log_message	= $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and the DKIM signature could not be verified due to a processing error\
				${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
				${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}

	deny	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		condition	= ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
		condition	= ${if eq{$acl_m_adsp_record}{discardable}{yes}{no}}
		dkim_status	= fail
		message		= Verification of the DKIM signature failed, but $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy
		log_message	= $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature failed\
				${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
				${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}

	warn	condition	= ${if eq{$acl_m_skip}{yes}{no}{yes}}
		condition	= ${if match{$dkim_cur_signer}{$acl_m_author_domain}{yes}{no}}
		condition	= ${if eq{$acl_m_adsp_record}{all}{yes}{no}}
		!dkim_status	= pass
		log_message	= $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy and verification of the DKIM signature not passed\
				${if eq{$dkim_verify_status}{}{}{. DKIM verify status is $dkim_verify_status}}\
				${if eq{$dkim_verify_reason}{}{}{. DKIM verify reason: $dkim_verify_reason}}
		add_header	= X-Warn-ADSP: $primary_hostname; $acl_m_author_domain has a "$acl_m_adsp_record" ADSP policy\
				${if eq{$dkim_verify_status}{}{}{.\n\tDKIM verify status is $dkim_verify_status}}\
				${if eq{$dkim_verify_reason}{}{}{.\n\tDKIM verify reason: $dkim_verify_reason}}

') dnl ifelse_strstr(confDKIM_CHECK_ADSP, `NO', `', `')

')dnl ifelse(SECTION, `ACL_CHECK_DKIM', `')