Re: [exim] Bad DKIM mainlog entries

Top Page
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: Exim Mailing List
Subject: Re: [exim] Bad DKIM mainlog entries
Mike Cardwell wrote:

> Also. In 4.70, will it be possible to sign with both DomainKeys and DKIM
> at the same time? I can see from
> http://www.mail-archive.com/exim-dev@exim.org/msg02316.html that Tom
> Kistner wrote a patch for 4.69 to do this back in March...


For the archives.

As a temporary measure, until 4.70 comes along, I've added an extra
router and transport to get DKIM and DomainKeys signing happening together:

================================================================================
Before dnslookup router:

dnslookup_dk_sign:
     driver              = manualroute
     domains             = ! +local_domains
     condition           = ${if eq{$h_DomainKey-Signature:}{}}
     transport           = remote_dk_smtp
     route_list          = * "127.0.0.1::25"
     self                = send
     no_more


Then the remote_dk_smtp transport:

remote_dk_smtp:
   driver             = smtp
   dk_selector        = dk1
   dk_private_key     = 
/etc/exim4/dk/$dk_selector._domainkey.$dk_domain.private
   dk_canon           = nofws
   dk_strict          = false
================================================================================


The dnslookup_dk_sign router fires, does the DomainKeys signing, and
connects back to localhost. Then the normal dnslookup router fires and
does the DKIM signing on the way out.

The signatures both appear valid, and according to the test messages
I've sent to check-auth@??? they're valid.

Mike