Autor: James Lovejoy Data: A: exim-users Assumpte: Re: [exim] DKIM outgoing Mail
You should only be DKIM signing for domain(s) under your control with
your private key generated for the domain(s), not for a remote domain
owned by some other entity.
--James
> Hello,
> I do sign outgoing mail with dkim.
> In my config I use
>
> remote_smtp:
> driver = smtp
> dkim_domain = ${lc:${domain:$h_from:}}
> dkim_selector = mx
> dkim_private_key =
> /etc/exim4/ssl/dkim.${lc:${domain:$h_from:}}.private.key
> dkim_canon = relaxed
>
> all is fine for my domains I do hosting.
>
> but when i get a mail from facebook and do a redirect to an other
> mailadress I get an error that the private key for facebook does not exist.
>
> 2017-03-01 04:01:22 1ciuVy-0004Hv-Ad <=
> notification+kr4ynkwxkesx@??? H=(mx-out.facebook.com)
> [69.171.232.172] P=esmtps X=TLS1.0:ECDHE_RSA_AES_128_CBC_SHA1:128 CV=no
> S=20050 id=a7d60ae185f5cf2f9aa2e4db61bfeac8@???
> ....
> 2017-03-01 04:01:24 1ciuVy-0004Hv-Ad unable to open private key file for
> reading: /etc/exim4/ssl/dkim.facebookmail.com.private.key
>
>
> That's ok. but how do i solve it.
> Should i do only sign my own domains?
>
> best regards,
> basti
>