Re: [exim] DKIM and debian buster...

Author: Mike Tubby
Date:  
To: exim-users
Subject: Re: [exim] DKIM and debian buster...


On 02/07/2020 23:11, Marco Gaiarin via Exim-users wrote:
> I'm used, in exim on debian stretch (4.89-2+deb9u7), to adding something like:
>
>     DKIM_CANON = relaxed
>     DKIM_SELECTOR = 2020
>     DKIM_DOMAIN = ${lc:${domain:$h_from:}}
>     DKIM_PRIVATE_KEY = ${if exists{/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem}{/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem}{0}}
>
> to enable DKIM for selected 'from' addresses in my servers, using predefined
> '.ifdef' in predefined debian transports.


I think you can say:

    DKIM_SELECTOR = "2020"

    DKIM_PRIVATE_KEY = /etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem

and Exim's business logic will get it correct, i.e. if it finds a key it
will sign with it, otherwise it won't attempt to sign.  The other thing is
that your key needs to be readable by whatever UID/GID Exim is running as.

I used this approach for several domains up to about 6 months ago and it
"just worked" for me - I now have everything in a MySQL database and use
this:


begin transports

#
# This transport is used for delivering messages over SMTP connections
# with DKIM signatures on the outgoing mail for multiple domains that
# are handled dynamically, on-the-fly, from the MySQL database table
# called 'dkim'.
#
# We obtain the domain name from the 'from' header and convert it to lower
# case. We then use this as the key for selecting DKIM attributes.
#
remote_smtp:
        driver = smtp
        dkim_domain = ${lc:${domain:$h_from:}}
        dkim_selector = ${lookup mysql{SELECT selector FROM dkim WHERE \
                domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
        dkim_canon = ${lookup mysql{SELECT canon FROM dkim WHERE \
                domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
        dkim_hash = ${lookup mysql{SELECT hash FROM dkim WHERE \
                domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
        dkim_private_key = ${lookup mysql{SELECT private_key FROM dkim \
                WHERE domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
        dkim_strict = 0



Mike
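
Added example (not part of the message above, nor Exim's own code): one possible MySQL schema for the 'dkim' table that the transport queries. Exim's mysql lookup joins multiple result rows with newlines, so the unique index keeps at most one active row per domain, and the lookup account gets read-only access to the table holding the private keys. Column names come from the queries above; the types, the database name 'mail', the account 'exim'@'localhost', the domain 'example.org' and the selector '2021' are assumptions.

```sql
-- Assumed schema: only the column names are taken from the transport's queries.
CREATE TABLE dkim (
    id            INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    domain        VARCHAR(255) NOT NULL,   -- stored lower-case to match ${lc:...}
    selector      VARCHAR(63)  NOT NULL,   -- e.g. '2020'
    canon         VARCHAR(16)  NOT NULL DEFAULT 'relaxed',
    `hash`        VARCHAR(16)  NOT NULL DEFAULT 'sha256',
    private_key   TEXT         NOT NULL,   -- PEM text, or an absolute path to the key file
    active        TINYINT(1)   NOT NULL DEFAULT 0,
    -- NULL for inactive rows, so the UNIQUE index constrains only active ones
    -- and old or pre-staged keys can coexist with the live one.
    active_domain VARCHAR(255)
        GENERATED ALWAYS AS (IF(active = 1, domain, NULL)) STORED,
    UNIQUE KEY one_active_key_per_domain (active_domain)
) ENGINE=InnoDB;

-- Read-only account for Exim's lookups (names and password are placeholders).
CREATE USER 'exim'@'localhost' IDENTIFIED BY '<placeholder-password>';
GRANT SELECT ON mail.dkim TO 'exim'@'localhost';

-- Key rotation: stage the new selector as inactive, publish its DNS record,
-- then swap atomically so no message sees zero or two active rows.
INSERT INTO dkim (domain, selector, private_key, active)
VALUES ('example.org', '2021', '/etc/exim4/dkim/example.org-2021-private.pem', 0);

START TRANSACTION;
UPDATE dkim SET active = 0 WHERE domain = 'example.org' AND active = 1;
UPDATE dkim SET active = 1 WHERE domain = 'example.org' AND selector = '2021';
COMMIT;
```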