I've been scratching my head on this one for a few days now.
I'm using Exim 4.72
If I send a message to my exim server where I'm signing the From header, I
get:
[verification failed - signature did not verify (headers probably modified
in transit)]
If I resend the same exact message except not signing the From header, I
get:
[verification succeeded]
If I run exim with the -d flag set, and I'm seeing the following in the
middle of the DKIM verification process.
10014 rewrite_one_header: type=T:
10014 To: testinbox@???
10014 rewrite_one_header: type=F:
10014 From: postmaster@???
10014 search_tidyup called
10014 >>Headers after rewriting and local additions:
10014 * Return-Path: <postmaster@???>
10014 DKIM-Signature: v=1; a=rsa-sha1; d=client.dkimtest.qa; s=X;
c=relaxed/relaxed;
...
...
10014 Date: Fri, 22 Aug 2014 13:46:04 -0400
...
10014 T To: testinbox@???
10014 F From: postmaster@???
10014 Subject: Domainkey verification test for node Fri, 22 Aug 2014
13:46:04 -0400
10014
10014 Data file written for message 1XKsuZ-0002bW-M5
Is there any way to disable address rewriting completely? The
documentation (
http://www.exim.org/exim-html-4.72/doc/html/spec_html/ch-address_rewriting.html#SECID148)
mentions something about no_rewrite, but I can't seem to get that to work.
I don't currently have an acl_smtp_dkim section in my conf file, so I'm
using default settings there. Maybe there's an option there that I'm
missing in the documentation that needs to be set to prevent this?
Or if not, is there a way to change when the addresses get rewritten? It
seems exim is starting on the DKIM verification, extracts the signature,
receives the headers, *rewrites the from and to headers*, then validates
the signature against the key in DNS, which fails since we signed the from
header which has not been rewritten.
Thanks for your help!
-Anthony
