Author: Odhiambo Washington Date: To: exim users Subject: Re: [exim] DKIM signing for multiple domains
On Mon, 1 Oct 2018 at 09:55, Richard James Salts <exim@???> wrote:
> On Friday, 28 September 2018 2:19:10 PM AEST Odhiambo Washington wrote:
> > On Wed, 26 Sep 2018 at 08:47, Richard James Salts via Exim-users <exim-users@???> wrote:
> > > On Tuesday, 25 September 2018 10:28:42 AM AEST Odhiambo Washington via Exim-users wrote:
> > > > Hi everyone,
> > > >
> > > > I have multiple domains hosted on the same server. They are virtual
> > > > domains. The server has just one IP address and one Exim instance.
> > > > I am wondering how to easily do DKIM signing for these domains. I
> > > > decided to use the same selector for all the domains to make life
> > > > easy. Would the following transport work? If not, what is the best
> > > > way to do this for multiple domains sharing the same IP address?
> > > >
> > > > remote_smtp_DK:
> > > >   driver = smtp
> > > >   dkim_domain = ${sender_address_domain}
> > > >   dkim_selector = csl
> > > >   dkim_private_key = "/etc/pki/tls/dk/${sender_address_domain}-dkim.priv.key"
> > > >   dkim_canon = relaxed
> > > >   dkim_strict = true
> > >
> > > I use
> > > dkim_domain = ${filter{${map{${addresses:$h_from:}}{${domain:$item}}}}{match_domain{$item}{+local_domains}}}
> > > which will match any addresses in a From field that are local. In
> > > addition, if dkim_domain is a list, it will sign with multiple
> > > signatures (e.g. From: <user1@local1>, <user2@local2>, <user3@remote>
> > > will add DKIM signatures for the local1 and local2 domains).
> >
> > Hi Richard
> >
> > When I use your dkim_domain option, the mail does not get signed, but
> > mails get signed using my option
> >
> > dkim_domain = ${if exists{/etc/pki/tls/dk/${lc:$sender_address_domain}-dkim.priv.key}{${lc:$sender_address_domain}}{}}
> > #dkim_domain = ${filter{${map{${addresses:$h_from:}}{${domain:$item}}}}{match_domain{$item}{+local_domains}}}
> >
> > How can I test your expansion manually?
> As Jeremy suggested you can use exim -bem /path/to/message, you probably
> want a combination of mine and yours in the expansion as you're testing
> on the existence of a key for a particular domain whereas I'm signing for
> all domains considered local with the same key. Maybe instead of the
> {match_domain ...} part of the filter you should instead use your
> {${if exists{/etc/pki/tls/dk/${lc:$item}-dkim.priv.key}} or something
> like that.
>
Thank you. Let me run the test for -bem and see what I come up with.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
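
The three dkim_domain choices discussed in this thread, compared side by side in an added Python model that is not part of the original messages and is not Exim code. It approximates the expansions on constructed data (the function names, the `.example` domains and the temporary key directory are assumptions) and checks a domain's shape before it is used in a key file path.

```python
import os
import re
import tempfile
from email.utils import getaddresses

# Added illustration: a Python model of the expansions, not Exim itself.
KEY_SUFFIX = "-dkim.priv.key"  # key file naming used in the thread
SAFE_DOMAIN = re.compile(r"^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$")

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def key_path(key_dir, domain):
    """Key file for a domain; None if it is missing or unsafe as a file name."""
    if not SAFE_DOMAIN.match(domain) or ".." in domain:
        return None
    path = os.path.join(key_dir, domain + KEY_SUFFIX)
    return path if os.path.isfile(path) else None

def from_domains(from_header):
    """Model of ${map{${addresses:$h_from:}}{${domain:$item}}}, de-duplicated."""
    found = [domain_of(a) for _name, a in getaddresses([from_header])]
    return [d for d in dict.fromkeys(found) if d]

def by_envelope_sender(sender, key_dir):
    """Model of the ${if exists{...}} form keyed on $sender_address_domain."""
    d = domain_of(sender)
    return [d] if key_path(key_dir, d) else []

def by_local_domains(from_header, local_domains):
    """Model of the filter using match_domain against +local_domains."""
    return [d for d in from_domains(from_header) if d in local_domains]

def by_key_exists(from_header, key_dir):
    """Model of the suggested combination: From domains that have a key file."""
    return [d for d in from_domains(from_header) if key_path(key_dir, d)]

def demo():
    hdr = "A <u1@LOCAL1.example>, u2@local2.example, u3@remote.example, u4@nokey.example"
    local = {"local1.example", "local2.example", "nokey.example"}  # constructed sample data
    with tempfile.TemporaryDirectory() as key_dir:
        for d in ("local1.example", "local2.example"):
            open(os.path.join(key_dir, d + KEY_SUFFIX), "w").close()
        return {"envelope": by_envelope_sender("list-bounces@remote.example", key_dir),
                "local_domains": by_local_domains(hdr, local),
                "key_exists": by_key_exists(hdr, key_dir)}
```

In the sample, the envelope-sender form selects nothing because the envelope domain has no key, the local-domains form also selects a domain that has no key file, and the key-exists form selects only domains that can actually be signed.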