X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=test%2Fconfs%2F4500;h=c7335327e3861f60fbd25492537debe739c8727c;hb=98eb95929140ee1e2b2b367b12abb45762d155e9;hp=bf4f1f6ad5d5e46912e953fd0ce158065901349f;hpb=d4dc049f9a9e80ac3a470fd644418668eefedecb;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/test/confs/4500 b/test/confs/4500
index bf4f1f6ad..c7335327e 100644
--- a/test/confs/4500
+++ b/test/confs/4500
@@ -9,9 +9,36 @@ primary_hostname = myhost.test.ex
 # ----- Main settings -----
 
 acl_smtp_rcpt = accept
-acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
+acl_smtp_dkim = check_dkim
+acl_smtp_data = check_data
+
+log_selector = +dkim_verbose
+dkim_verify_hashes = sha256 : sha512 : sha1
 
 queue_only
 queue_run_in_order
 
+
+begin acl
+
+check_dkim:
+.ifdef BAD
+  warn	logwrite =	${lookup dnsdb{defer_never,txt=_adsp._domainkey.$dkim_cur_signer}{$value}{unknown}}
+.endif
+.ifdef OPTION
+  warn	condition =	${if eq {$dkim_algo}{rsa-sha1}}
+	condition =	${if eq {$dkim_verify_status}{pass}}
+	logwrite =	NOTE: forcing dkim verify fail (was pass)
+	set dkim_verify_status = fail
+	set dkim_verify_reason = hash too weak
+.endif
+  warn
+	logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
+.ifndef STRICT
+  accept
+.endif
+
+check_data:
+  accept logwrite = ${authresults {$primary_hostname}}
+
 # End