[exim] Signing messages with DKIM in SMTP transport

Author: Mike Brudenell
Date:  
To: Exim Users
Subject: [exim] Signing messages with DKIM in SMTP transport
Hi, all -

I'm sure I must be missing something obvious, but it's defeating me…

I'm experimenting on a test server, trying to add DKIM signing to messages
going out through a transport named remote_smtp_dkim. That transport looks
like this:

remote_smtp_dkim:
  driver = smtp
  dkim_domain       = york.ac.uk
  dkim_selector     = 20160118
  debug_print       = remote_smtp_dkim : '$dkim_domain' : '$dkim_selector' : '/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem'
  dkim_private_key  = ${if exists{/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem} \
                           {/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem}}
  dkim_canon        = relaxed
  dkim_strict       = false

(It'll get fancier over time; I'm just trying to get even one message
signed to start with!)

Sending a message through does not sign it. (And yes, my routers call this
transport! :-)

Running Exim in Debug mode (with "-d -bd" on the command line) and using
telnet to construct a message through it shows this logging, which includes
the output from the debug_print directive…

25638 >>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>
25638 --------> testaddress@??? <--------
25638 search_tidyup called
25638 set_process_info: 25638 delivering 1aLZr4-0006fR-7X: waiting for a remote delivery subprocess to finish
25638 selecting on subprocess pipes
25640 changed uid/gid: remote delivery to testaddress@??? with transport=remote_smtp_dkim
25640 uid=110 gid=118 pid=25640
25640 auxiliary group list: <none>
25640 set_process_info: 25640 delivering 1aLZr4-0006fR-7X using remote_smtp_dkim
25640 remote_smtp_dkim : '' : '' : '/etc/exim4/dkim/-.pem'
25640 remote_smtp_dkim transport entered

Note that where I use debug_print to output the values of $dkim_domain and
$dkim_selector I'm getting empty strings which, coupled with the resulting
non-existent filename, leads to the message not being signed.

But the Exim Specification says for the dkim_domain and dkim_selector
directives…

Signing is implemented by setting private options on the SMTP transport.
These options take (expandable) strings as arguments.

dkim_domain

MANDATORY: The domain you want to sign with. The result of this expanded
option is put into the $dkim_domain expansion variable.

dkim_selector

MANDATORY: This sets the key selector string. You can use the $dkim_domain
expansion variable to look up a matching selector. The result is put in the
expansion variable $dkim_selector which should be used in the
dkim_private_key option along with $dkim_domain.

From which I'm expecting the values I set using the options within the
remote_smtp_dkim transport to be available within the matching variables.
But they're not!

What am I missing?

Cheers,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm