Mike Cardwell wrote:
> Also. In 4.70, will it be possible to sign with both DomainKeys and DKIM
> at the same time? I can see from
> http://www.mail-archive.com/exim-dev@exim.org/msg02316.html that Tom
> Kistner wrote a patch for 4.69 to do this back in March...
For the archives.
As a temporary measure, until 4.70 comes along, I've added an extra
router and transport to get DKIM and DomainKeys signing happening together:
================================================================================
Before dnslookup router:
dnslookup_dk_sign:
driver = manualroute
domains = ! +local_domains
condition = ${if eq{$h_DomainKey-Signature:}{}}
transport = remote_dk_smtp
route_list = * "127.0.0.1::25"
self = send
no_more
Then the remote_dk_smtp transport:
remote_dk_smtp:
driver = smtp
dk_selector = dk1
dk_private_key =
/etc/exim4/dk/$dk_selector._domainkey.$dk_domain.private
dk_canon = nofws
dk_strict = false
================================================================================
The dnslookup_dk_sign router fires, does the DomainKeys signing, and
connects back to localhost. Then the normal dnslookup router fires and
does the DKIM signing on the way out.
The signatures both appear valid, and according to the test messages
I've sent to check-auth@??? they're valid.
Mike