Re: [exim] Signing messages with DKIM in SMTP transport

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Mike Brudenell
Dátum:  
Címzett: Exim Users
Tárgy: Re: [exim] Signing messages with DKIM in SMTP transport
AARGHH!!!!

Looks like it was a horrible combination of:

- a typo in the name of the key file (so Exim couldn't find it so wasn't
signing), and

- it appears the debug_print gets actioned before the dkim_domain and
dkim_selector options, meaning it's before the variables get their values
assigned.

Groan! At least I can go home happy now though.

Cheers,
Mike B-)

PS: Jeremy… I'm guessing the "should" should be a "can"?
(But not a can-can, of course. 💃💃💃)


On 19 January 2016 at 17:25, Mike Brudenell <mike.brudenell@???>
wrote:

> Hi, all -
>
> I'm sure I must be missing something obvious, but it's defeating me…
>
> I'm experimenting on a test server, trying to add DKIM signing to messages
> going out through a transport named remote_smtp_dkim. That transport looks
> like this:
>
> remote_smtp_dkim:
>   driver = smtp
>   dkim_domain       = york.ac.uk
>   dkim_selector     = 20160118
>   debug_print       = remote_smtp_dkim : '$dkim_domain' : '$dkim_selector'
> : '/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem'
>   dkim_private_key  = ${if
> exists{/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem} \

>
>  {/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem}}
>   dkim_canon        = relaxed
>   dkim_strict       = false

>
> (It'll get fancier over time; I'm just trying to get even one message
> signed to start with!)
>
> Sending a message through does not sign it. (And yes, my routers call this
> transport! :-)
>
> Running Exim in Debug mode (with "-d -bd" on the command line) and using
> telnet to construct a message through it shows this logging, which includes
> the output from the debug_print directive…
>
> 25638 >>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>
> 25638 --------> testaddress@??? <--------
> 25638 search_tidyup called
> 25638 set_process_info: 25638 delivering 1aLZr4-0006fR-7X: waiting for a
> remote delivery subprocess to finish
> 25638 selecting on subprocess pipes
> 25640 changed uid/gid: remote delivery to testaddress@??? with
> transport=remote_smtp_dkim
> 25640 uid=110 gid=118 pid=25640
> 25640 auxiliary group list: <none>
> 25640 set_process_info: 25640 delivering 1aLZr4-0006fR-7X using
> remote_smtp_dkim
> 25640 remote_smtp_dkim : '' : '' : '/etc/exim4/dkim/-.pem'
> 25640 remote_smtp_dkim transport entered
> …
>
> Note that where I use debug_print to output the values of $dkim_domain and
> $dkim_selector I'm getting empty strings which, coupled with the resulting
> non-existent filename, leads to the message not being signed.
>
> But the Exim Specification says for the dkim_domain and dkim_selector
> directives…
>
> Signing is implemented by setting private options on the SMTP transport.
> These options take (expandable) strings as arguments.
>
> dkim_domain
>
> MANDATORY: The domain you want to sign with. The result of this expanded
> option is put into the $dkim_domain expansion variable.
>
> dkim_selector
>
> MANDATORY: This sets the key selector string. You can use the $dkim_domain
> expansion variable to look up a matching selector. The result is put in
> the expansion variable $dkim_selector which should be used in the dkim_private_key
> option along with $dkim_domain.
>
> From which I'm expecting the values I set using the options within the
> remote_smtp_dkim transport to be available within the matching variables.
> But they're not!
>
> What am I missing?
>
> Cheers,
> Mike B-)
>
> --
> Systems Administrator & Change Manager
> IT Services, University of York, Heslington, York YO10 5DD, UK
> Tel: +44-(0)1904-323811
>
> Web: www.york.ac.uk/it-services
> Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
>




--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm