acl_check_dkim:

  # Deny failures
  deny
     dkim_status = fail
     logwrite = DKIM test failed: $dkim_verify_reason
     add_header = X-DKIM: DKIM test failed: (address=$sender_address domain=$dkim_cur_signer), signature is bad.


  # Deny invalid signatures
  deny
     dkim_status = invalid
     add_header = X-DKIM: $dkim_cur_signer ($dkim_verify_status); $dkim_verify_reason
     logwrite = DKIM test passed (address=$sender_address domain=$dkim_cur_signer), but signature is invalid.

  # Accept valid/passed sigs
  accept
     dkim_status = pass
     logwrite = DKIM test passed
     add_header = X-DKIM: DKIM passed: (address=$sender_address domain=$dkim_cur_signer), signature is good.


  # And anything else.
  accept