(Partial) Bingo!
I've just located a thread from earlier this year that confirms setting
dkim_domain to anything, including the empty string, would suppress
cutthrough in earlier versions of Exim:
http://www.gossamer-threads.com/lists/exim/users/105504
One option I have to create two separate routers (as I used to have!): one
that's DKIM-signing-enabled, the other not. There might still be a bit of
fun using lookup though…
So any thoughts on how to force the expanded string to let dkim_domain
remain "unset" in some conditions would be gratefully received!
Cheers,
Mike B-)
On 21 November 2016 at 14:25, Mike Brudenell <mike.brudenell@???>
wrote:
> Hi!
>
> I'm pretty sure I've identified the problem (and solution, even!) but
> would appreciate confirmation…
>
> I'm using Exim 4.86 (from Ubuntu 16.04 LTS) and in my remote_smtp
> transport I use dkim_domain to set the domain to DKIM-sign outgoing
> messages with. This uses a slightly hairy string expansion that either:
>
> - assigns a domain name (if I wish to DKIM-sign this message), or
> - the empty string (if I don't with to DKIM-sign it)
>
> I'm now trying to turn on cutthrough delivery but it's not kicking in.
> Running a "-bhc -d+all" session shows the dreaded message
>
> Cutthrough cancelled by presence of DKIM signing
>
>
> I understand and appreciate that it isn't possible to use cutthrough when
> DKIM-signing, but had assumed that with dkim_domain set to empty it would
> be allowed as no signing would be taking place.
>
> However I see in the Release Notes for 4.88 this fix:
>
> JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
> signing (which inhibits the cutthrough capability). Previously only
> the presence of an option was tested; now an expansion evaluating as
> empty is permissible (obviously it should depend only on data
> available
> when the cutthrough connection is made).
>
>
> *Question 1:* I suspect that in 4.86 assigning the empty string to
> dkim_domain will cancel cutthrough, but if I were to upgrade to 4.88 it
> wouldn't. Am I right in thinking this?
>
> *Question 2:* Assuming I'm right, is there some way of changing my string
> expansion to leave dkim_domain unset?
>
> At present it's along these lines:
>
> dkim_domain = ${if or { \
> …various conditions… \
> } \
> {${lookup {${lc:${domain:$h_from:}}} lsearch
> {/etc/exim4/cfg.d/dkim-signing-domains}}} \
> {} \
> }
>
> I'd need to leave the value of dkim_domain effectively unset (instead of
> being set to the empty string) if the lookup failed to find an entry in the
> data file, or if it fell through to the final "{}"
>
> Is there a sneaky way of doing this? (I'm thinking along the lines of
> using "fail" in the string expansion somewhere?)
>
> I'd prefer to stay with 4.86 as our general policy is to use packages
> distributed with the LTS version of Ubuntu.
>
> With many thanks,
> Mike B-)
>
> --
> Systems Administrator & Change Manager
> IT Services, University of York, Heslington, York YO10 5DD, UK
> Tel: +44-(0)1904-323811
>
> Web: www.york.ac.uk/it-services
> Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
>
--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811
Web:
www.york.ac.uk/it-services
Disclaimer:
www.york.ac.uk/docs/disclaimer/email.htm
