On 2007-09-28 at 16:22 +0200, Magnus Holmgren wrote:
> On Friday, 28 September 2007, Tom Kistner wrote:
> > I have added preliminary DKIM support to Exim in CVS. If anyone feels
> > adventurous, please try these 2 tarballs:
> >
> > http://duncanthrax.net/exim-experimental/exim-4.69-cvssnap-2007-09-28.tar.gz
> > http://duncanthrax.net/exim-experimental/libdkim-1.0.15-tk.tar.gz
> >
> > The former is a current CVS snapshot of Exim. The latter is a forked
> > version of ALT-N's libdkim that you will need to install.
> >
> > I've put docs in exim-experimental.spec and also here:
> >
> > http://wiki.exim.org/DKIM
>
> Interesting solution with ${lookup dkim{domain.example}}. I'm not sure I like
> it though. No other lookup depends on a current message as context. Couldn't
> it be done with verify = dkim/domain.example, and the result is an expansion
> variable? It should be possible to specify a full email address, with the
> default value being ${address:$rh_From:}.

Having just looked at how to configure this sensibly, I support Magnus's
suggestion wholeheartedly.

Separately, I've just tried deploying DKIM with Exim 4.69; I settled for
signing outbound first before looking at verifying inbound. I opted to
DKIM sign in addition to DomainKey sign, to get the maximum
verifiability -- the union of the two groups of verifiers. This is what
Gmail does on outbound email.

Alas, Exim does not support signing with both DomainKeys and DKIM.
Three different transport methods, so it's DomainKeys, else DKIM, else
plain.

Is this a deliberate design decision, a temporary result of an early
experimental convenience (not having to rework logic) or a bug?

Thanks,
-Phil