On 02/11/06, Zbigniew Szalbot <zbyszek@???> wrote:
>
> Hello,
>
> If someone who has been down the road of building exim with DK support and
> especially with generating DKs and is willing to share a simple how-to, I
> would really appreciate a link.
>
Not got any nice links and at the moment I'm playing with it rather than
using it in production. That said, it works, though as the volume of signed
mail is fairly low, to me at least, though my customers appear to be
receiving quite a bit, as yet I'm not happy enough to roll it out for them.
In my recipient ACL I have

  warn  control = dk_verify

then in my data ACL

  warn  message = DomainKey-Status: $dk_status
        logwrite = $dk_result
  deny  message = $dk_sender says all mail signed and this message was not
        dk_policy = signsall
        dk_status = no signature
  deny  message = $dk_sender says all mail signed, this was, but the key was bad
        dk_policy = signsall
        dk_status = bad
  deny  message = $dk_sender says all mail signed and has revoked this key
        dk_policy = signsall
        dk_status = revoked
  defer message = $dk_sender says all mail signed but the key is missing or format wrong
        dk_policy = signsall
        dk_status = no key : bad format

For my outgoing mail I use a transport which contains the lines

  dk_canon = nofws
  dk_selector = ${substr{0}{6}{$tod_zulu}}
  dk_private_key = /usr/exim/rsa.private.$dk_domain.$dk_selector

Then with domain record like

  _domainkey.quetz.co.uk descriptive text "o=-\; r=postmaster@???"

and

  200610._domainkey.quetz.co.uk descriptive text "k=rsa\; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAK5X9nifKf8jUaqGxOCdVZK4RZKEboZYGfSjgwNuytuwHvIk6w4zhw+EPf8aNSyS47rxdalD50lTx2sme8Isg/rgVQ+07vOpKvHTbgjsMuaUli0E8VIoxkxonaz4dkd4tQIDAQAB"

we are in business. Hope that gives you a few clues to get started with.

Keith
--
Keith Brazington
Quetz Limited
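
The key-generation step the question asks about, as an added example that is not part of the original message: it creates the private key file that the transport's dk_private_key setting expands to and prints the matching selector TXT record. It assumes openssl is installed; the 2048-bit key size, the function names and the script name are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: openssl is
# installed; KEY_BITS=2048 is this example's choice, not the poster's.
KEY_DIR=${KEY_DIR:-/usr/exim}      # directory used in the post's transport
KEY_BITS=${KEY_BITS:-2048}

# Same value as ${substr{0}{6}{$tod_zulu}}: UTC year and month (YYYYMM).
dk_selector() {
    date -u +%Y%m
}

# Path that dk_private_key expands to for DOMAIN ($1) and SELECTOR ($2).
dk_key_path() {
    printf '%s/rsa.private.%s.%s\n' "$KEY_DIR" "$1" "$2"
}

# Read a PEM public key on stdin, print a zone-file TXT record for
# SELECTOR._domainkey.DOMAIN. One TXT character-string holds at most 255
# bytes, so the value is emitted as several quoted strings that
# resolvers concatenate.
dk_txt_record() {
    p=$(grep -v '^-----' | tr -d ' \r\n')
    printf '%s._domainkey.%s. IN TXT (' "$2" "$1"
    printf 'k=rsa; p=%s' "$p" | fold -w 200 | sed 's/.*/ "&"/' | tr -d '\n'
    printf ' )\n'
}

# Create the key for DOMAIN ($1) and SELECTOR ($2, default: this month)
# unless it already exists, then print the DNS record to publish.
dk_generate() {
    sel=${2:-$(dk_selector)}
    key=$(dk_key_path "$1" "$sel")
    if [ ! -s "$key" ]; then
        # Subshell umask: the private key is created owner-readable only.
        ( umask 077 && openssl genrsa -out "$key" "$KEY_BITS" 2>/dev/null ) \
            || return 1
    fi
    openssl rsa -in "$key" -pubout 2>/dev/null | dk_txt_record "$1" "$sel"
}

# Run as: sh dk-keygen.sh DOMAIN [SELECTOR]   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    dk_generate "$@"
fi
```

The key file is created mode 0600 for whoever runs the script, so run it as, or chown the file to, the user Exim runs the transport as. Because the selector changes with the UTC month, pass next month's selector explicitly and publish its record before the month turns.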