Re: [exim] DKIM - signing mail

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Tom Kistner
Date:  
À: Zbigniew Szalbot
CC: exim users
Sujet: Re: [exim] DKIM - signing mail
Zbigniew Szalbot schrieb:

> Now, that I have the keys, I want to configure smtp transport. So will
> this do the trick?
>
> dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> dkim_domain = domain.tld
> dkim_selector = lists #selector chosen during setting up dkim
> dkim_private_key = /var/db/domainkeys/lists.key.pem
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more


That is OK. You can also do dynamic signing based on the sender address
in the From: header. Here is what I use:

external_smtp:
driver = smtp
dkim_selector = whizbang-dkim
dkim_domain = DKIM_DOMAIN
dkim_private_key = DKIM_PRIVATE_KEY
dkim_strict = 0
dkim_canon = relaxed

Where the macros are defined as:

DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim/dkim/${lc:${domain:$h_from:}}.priv
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

If no key file exists for the domain in the "From:" header, no signing
is done.

/tom