On 09/03/2024 09:08, Slavko via Exim-users wrote:
> Dňa 9. marca 2024 7:15:17 UTC používateľ Andreas Metzler via Exim-users <exim-users@???> napísal:
>
>> The DKIM section of "DKIM, SPF, SRS and DMARC" starts with
>> | Exim’s DKIM implementation allows for
>> |
>> | 1. Signing outgoing messages: This function is implemented in the
>> | SMTP transport. It can co-exist with all other Exim features
>> | (including transport filters) except cutthrough delivery.
>
> Thanks, but i understand that, that dkim_* options can be used
> together with any other transport's functions in mean of config
> errors, but nothing about DKIM signature validity.
>
> I recently play with this relative long time ago (IIRC in 4.92 or 4.94
> versions), thus it can be changed from that time, but when i rewrite
> From (and related) domain, and use domain:$h_from in dkim_domain,
> it doesn't work.
That is because the "$h_from" is the value of the From: header of
the message as it arrived on the transport. The implementation does not expect
anyone to use a transport filter to rewrite headers; this could be
regarded as a deficiency.
However, the text of the headers (and body) of the message used as input
for the various hashes and signatures of the DKIM signing *is* the
output of any transport filter (this adds significant coding and cpu
overhead, as it happens). The documentation for this is the source-code,
for anybody caring that much.
Given that the transport already has facilities for headers manipulation
(the headers_rewrite, headers_remove and headers_add options)
I'd need some convincing that the deficiency identified must be addressed
by anything beyond documenting it.
These facilities are applied before any transport filter, and hence before
the dkim signing operation. I am reasonably sure that a rewrite will
be visible in $h_* expansion syntax used in dkim signing option.
However, the result of adds and removes will not be
(sigh. That should probably be fixed).
Whether this affects the OP or not depends on what headers they want
to sign vs. what they want to manipulate,
I'd also suggest (as a side issue) that not logging any such manipulation
(by any method) will make tracing delivery problems much more difficult.
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
