[exim] dkim_domain with empty value cancels cutthrough

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Mike Brudenell
Data:  
Para: Exim Users
Asunto: [exim] dkim_domain with empty value cancels cutthrough
Hi!

I'm pretty sure I've identified the problem (and solution, even!) but would
appreciate confirmation…

I'm using Exim 4.86 (from Ubuntu 16.04 LTS) and in my remote_smtp transport
I use dkim_domain to set the domain to DKIM-sign outgoing messages with.
This uses a slightly hairy string expansion that either:

- assigns a domain name (if I wish to DKIM-sign this message), or
- the empty string (if I don't with to DKIM-sign it)

I'm now trying to turn on cutthrough delivery but it's not kicking in.
Running a "-bhc -d+all" session shows the dreaded message

Cutthrough cancelled by presence of DKIM signing


I understand and appreciate that it isn't possible to use cutthrough when
DKIM-signing, but had assumed that with dkim_domain set to empty it would
be allowed as no signing would be taking place.

However I see in the Release Notes for 4.88 this fix:

JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
      signing (which inhibits the cutthrough capability).  Previously only
      the presence of an option was tested; now an expansion evaluating as
      empty is permissible (obviously it should depend only on data
available
      when the cutthrough connection is made).



*Question 1:* I suspect that in 4.86 assigning the empty string to
dkim_domain will cancel cutthrough, but if I were to upgrade to 4.88 it
wouldn't. Am I right in thinking this?

*Question 2:* Assuming I'm right, is there some way of changing my string
expansion to leave dkim_domain unset?

At present it's along these lines:

dkim_domain = ${if or { \
                         …various conditions… \
                      } \
                   {${lookup {${lc:${domain:$h_from:}}} lsearch
{/etc/exim4/cfg.d/dkim-signing-domains}}} \
                   {} \
               }


I'd need to leave the value of dkim_domain effectively unset (instead of
being set to the empty string) if the lookup failed to find an entry in the
data file, or if it fell through to the final "{}"

Is there a sneaky way of doing this? (I'm thinking along the lines of using
"fail" in the string expansion somewhere?)

I'd prefer to stay with 4.86 as our general policy is to use packages
distributed with the LTS version of Ubuntu.

With many thanks,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm