On 02/07/2020 23:11, Marco Gaiarin via Exim-users wrote:
> I'm used, in exim on debian stretch (4.89-2+deb9u7) add something like:
>
> DKIM_CANON = relaxed
> DKIM_SELECTOR = 2020
> DKIM_DOMAIN = ${lc:${domain:$h_from:}}
> DKIM_PRIVATE_KEY = ${if exists{/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem}{/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem}{0}}
>
> to enable DKIM for selected 'from' addresses in my servers, using predefined
> '.ifdef' in predefined debian transports.
I think you can say:
DKIM_SELECTOR = "2020"
DKIM_PRIVATE_KEY =
/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem
and Exim's business logic will get it correct, i.e. if it finds a key it
will sign with it otherwise it wont attempt to sign. The other thing is
that your key needs to be readable by whatever UID/GID Exim is running as.
I used this approach for several domains up to about 6 months ago and it
"just worked" for me - I now have everything in a MySQL database and use
this:
begin transports
#
# This transport is used for delivering messages over SMTP connections
# with DKIM signatures on the outgoing mail for multiple domains that
# are handled dynamically, on-the-fly, from the MySQL database table
# called 'dkim'.
#
# We obtain the domain name from the 'from' header and convert it to lower
# case. We then use this as the key for selecting DKIM attributes.
#
remote_smtp:
driver = smtp
dkim_domain = ${lc:${domain:$h_from:}}
dkim_selector = ${lookup mysql{SELECT selector FROM dkim WHERE
domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
dkim_canon = ${lookup mysql{SELECT canon FROM dkim WHERE
domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
dkim_hash = ${lookup mysql{SELECT hash FROM dkim WHERE
domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
dkim_private_key = ${lookup mysql{SELECT private_key FROM dkim
WHERE domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
dkim_strict = 0
Mike
