Re: [exim] DKIM signing for multiple domains

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MOdhiambo Washington at <-
MRichard James Salts at ->
Delete this message
Reply to this message
Author: Klaus Maria Pfeiffer
Date:  
To: exim-users
Subject: Re: [exim] DKIM signing for multiple domains
hi!

On 09/25/2018 03:40 PM, Odhiambo Washington via Exim-users wrote:
>>> Suppose I had different dkim_selectors, is there a simple way to work
>>> around that too? :)
>> Same idea, the option is expandable so you can use a lookup based on
>> $sender_address_domain
>> to get the selector.

I've done it the following way, config snippets and script should be
self explainable. :-)

;=== /etc/exim4/conf.d/main/00_local-config_macros ===
# Enable DKIM
DKIM_DOMAIN = ${sender_address_domain}
#DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_SELECTOR =
${lookup{DKIM_DOMAIN}lsearch*{CONFDIR/dkim.d/dkim_selectors}}
DKIM_PRIVATE_KEY = ${if
exists{CONFDIR/dkim.d/DKIM_DOMAIN.DKIM_SELECTOR.key}{CONFDIR/dkim.d/DKIM_DOMAIN.DKIM_SELECTOR.key}{0}}
DKIM_CANON = relaxed
# we just use the same as Heiko Schlittermann schlittermann.de
DKIM_SIGN_HEADERS =
In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Cc:Content-Description:Content-ID:Content-Transfer-Encoding:Resent-To
;===

you also will have DKIM towards smarthost.
;=== /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost ===
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
;===

create dkim keys.
;===
!#/bin/bash
DOMAIN=$1
SELECTOR=dflt
KEYSIZE=2048
DKIMDIR=dkim.d
cd /etc/exim4
mkdir $DKIMDIR
openssl genrsa -out $DKIMDIR/$DOMAIN.$SELECTOR.key $KEYSIZE
openssl rsa -in $DKIMDIR/$DOMAIN.$SELECTOR.key -out
$DKIMDIR/$DOMAIN.$SELECTOR.pub -pubout -outform PEM
echo -e "$DOMAIN:\t$SELECTOR" >> $DKIMDIR/dkim_selectors
chown -R root:Debian-exim $DKIMDIR
chmod 640 $DKIMDIR/*.key
chmod 644 $DKIMDIR/*.pub $DKIMDIR/dkim_selectors
chmod 755 $DKIMDIR
;===

sorry for the linewraps, see also https://wiki.kmp.or.at/EximConfig#DKIM

galiegrü, Klaus

--
Klaus Maria Pfeiffer
chat: xmpp:hoedlmoser@???
blog: http://blog.kmp.or.at/
twitter: @hoedlmoser


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] demime -> acl_smtp_mimeRe: [exim] DKIM signing for multiple domains->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)