I built the new 4.70 and modified the dkim configuration from the 4.69
style to the new and improved 4.70 style. I'm only doing verification
at the moment. It always thinks the email is not dkim signed. It
never makes it past the first dkim check because it always thinks it
has no signature.
I'm looking for two answers during this email:
1. Why does exim always think an email is unsigned?
2. Feedback on my ACL logic and header construction.
I have set in exim.conf:
    acl_smtp_dkim = acl_check_dkim
    dkim_verify_signers = *
Then I have an acl (beware of line-wrapping) :
    acl_check_dkim:
      accept hosts = +relay_from_hosts
      accept authenticated = *
      accept dkim_status = none
             condition = ${if eq {$acl_c_dkim_hdr}{1} {no}{yes}}
             set acl_c_dkim_hdr = 1
             add_header = :at_start:X-DKIM: Exim 4.70 on $primary_hostname (no dkim signature)
      warn   condition = ${if eq {$acl_c_dkim_hdr}{1} {no}{yes}}
             set acl_c_dkim_hdr = 1
             add_header = :at_start:X-DKIM: Exim 4.70 on $primary_hostname
      deny   dkim_status = fail
             message = Rejected: $dkim_verify_reason
      accept dkim_status = invalid
             add_header = :at_start:Authentication-Results: $primary_hostname $dkim_cur_signer ($dkim_verify_status); $dkim_verify_reason
      accept dkim_status = pass
             add_header = :at_start:Authentication-Results: $primary_hostname; dkim=$dkim_domain, header.i=@$dkim_cur_signer ($dkim_verify_status)
      accept
Here are some headers from a test email I sent myself, and you can see
that exim did not think it was signed:
    Return-path: <todd@???>
    Envelope-to: aaron@???
    Delivery-date: Wed, 18 Nov 2009 22:57:56 +0000
    X-DKIM: Exim 4.70 on m.test.ivenue.com (no dkim signature)
    Received: from mail.mrball.net ([208.89.136.119])
        by m.test.ivenue.com with esmtp (Exim 4.70)
        (envelope-from <todd@???>)
        id 1NAtTC-0001jP-Bf
        for aaron@???; Wed, 18 Nov 2009 22:57:55 +0000
    Received: from trip.mrball.net (mail.mrball.net [208.89.136.119])
        by mail.mrball.net (8.14.2/8.14.2) with ESMTP id nAIMvZA0010306
        for <aaron@???>; Wed, 18 Nov 2009 14:57:36 -0800
    X-DKIM: Sendmail DKIM Filter v2.4.3.dev mail.mrball.net nAIMvZA0010306
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrball.net; s=test;
        t=1258585063; bh=WkNI55heP6q4XyliaoDIH0NyKwrTyZ2dEAWsX5yGMzY=;
        h=X-DomainKeys:DomainKey-Signature:Received:Received:Date:From:To:
        Message-ID:MIME-Version:Content-Type:Content-Disposition:
        Organization:X-message-flag:User-Agent; b=BOkZaaggfIsA861A0P+uTIO8
        yPO6jacZaygbBFO/C2nygRMOe9wInD6mCvCsHkmZwfvcL3blK3kG14t6VkgfBQRHDQ6
        B0flhAfUGVrxCdgsKgE5KgeWytWTxLOTrnrVv4x0glxTbMMuHXinF8U+cGWgNSlWOKy
        LUXzYgIi7giRY=
<snip>
Any feedback is greatly appreciated!
--
Regards... Todd
The best thing about pair programming is that you have the perfect
audience for your genius. -- Kent Beck
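
An added example, not part of the original post and not Exim's own code: a stand-alone structural check of the DKIM-Signature header quoted above, following the tag-list rules of RFC 6376, which helps separate a malformed header from a verifier-side configuration issue. The function names are this example's own, and the continuation lines of the sample are re-indented by assumption because the archive stripped the leading whitespace.

```python
import base64
import re

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # RFC 6376 section 3.5
# The DKIM-Signature header quoted in the post, continuation lines re-indented.
SAMPLE = """DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrball.net; s=test;
 t=1258585063; bh=WkNI55heP6q4XyliaoDIH0NyKwrTyZ2dEAWsX5yGMzY=;
 h=X-DomainKeys:DomainKey-Signature:Received:Received:Date:From:To:
 Message-ID:MIME-Version:Content-Type:Content-Disposition:
 Organization:X-message-flag:User-Agent; b=BOkZaaggfIsA861A0P+uTIO8
 yPO6jacZaygbBFO/C2nygRMOe9wInD6mCvCsHkmZwfvcL3blK3kG14t6VkgfBQRHDQ6
 B0flhAfUGVrxCdgsKgE5KgeWytWTxLOTrnrVv4x0glxTbMMuHXinF8U+cGWgNSlWOKy
 LUXzYgIi7giRY="""

def parse_dkim_signature(header):
    """Unfold the header and split its tag-list (RFC 6376 section 3.2)."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # a trailing ';' is allowed
        tag, sep, val = item.partition("=")
        tag = tag.strip()
        if not sep or tag in tags:
            raise ValueError("malformed or duplicate tag: %r" % item.strip())
        # Whitespace inside b=, bh= and h= is folding, not data.
        tags[tag] = re.sub(r"\s+", "", val) if tag in ("b", "bh", "h") else val.strip()
    return tags

def check(tags):
    """Return a list of structural problems; an empty list means none found."""
    problems = ["missing required tag %s=" % t for t in REQUIRED if t not in tags]
    if problems:
        return problems
    if tags["v"] != "1":
        problems.append("unsupported version")
    if "from" not in [h.lower() for h in tags["h"].split(":")]:
        problems.append("h= does not cover From")
    if tags["a"] == "rsa-sha256" and len(base64.b64decode(tags["bh"])) != 32:
        problems.append("bh= is not a SHA-256 digest")
    return problems

def key_record_name(tags):
    """DNS name of the TXT record that holds the signer's public key."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"])
```

This only checks the header's structure; it does not fetch the key or verify the signature itself.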