1 files changed, 10 insertions, 1 deletions

diff --git a/src/mailman_pgp/rules/signature.py b/src/mailman_pgp/rules/signature.py
index 998e9c3..b7d4b5c 100644
--- a/src/mailman_pgp/rules/signature.py
+++ b/src/mailman_pgp/rules/signature.py
@@ -35,7 +35,7 @@ from mailman_pgp.model.sighash import PGPSigHash
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.utils.email import get_email
 from mailman_pgp.utils.moderation import record_action
-from mailman_pgp.utils.pgp import hashes, verifies
+from mailman_pgp.utils.pgp import hashes, verifies, expired
 
 
 @public
@@ -96,6 +96,15 @@ class Signature:
             return True
 
         verifications = list(wrapped.verify(key))
+        # verifications is a list of SignatureVerification, only contains
+        # sigs that appear to be by the pgp_address.key
+
+        if expired(verifications):
+            action = pgp_list.expired_sig_action
+            if action != Action.defer:
+                record_action(msg, msgdata, action, email,
+                              'Signature is expired.')
+                return True
 
         # Take the `invalid_sig_action` if the verification failed.
         if not verifies(verifications):