[exim] Help with dual-key DKIM

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Perry Naseck
Datum:  
To: Exim-users
Betreff: [exim] Help with dual-key DKIM
Hello!

I'm having trouble wrapping my head around how to 1) lsearch a list multiple times until there are no more matches and 2) format that as an EXIM list (colon separated). This is to do dual DKIM signing (RSA+ed25519). This what I have now:

exim4.conf.localmacros:

    DKIM_SELECTOR = ${extract{selector}{${lookup{$sender_address_domain}lsearch*@{/etc/exim4/dkim/KeyTable}}}{$value}{}}
    DKIM_DOMAIN = ${lc:${domain:$h_from:}}
    DKIM_FILE = ${extract{privkey}{${lookup{$sender_address_domain}lsearch*@{/etc/exim4/dkim/KeyTable}}}{$value}{}}
    DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
    DKIM_CANON = ${extract{canon}{${lookup{$sender_address_domain}lsearch*@{/etc/exim4/dkim/KeyTable}}}{$value}{relaxed}}
    DKIM_STRICT = ${extract{strict}{${lookup{$sender_address_domain}lsearch*@{/etc/exim4/dkim/KeyTable}}}{$value}{false}}


dkim/KeyTable:

    example.com domain=example.com canon=relaxed strict=true selector=20210724_1_rsa privkey=/etc/exim4/dkim/example.com/example.com_20210724_1_rsa.pem
    example.com domain=example.com canon=relaxed strict=true selector=20210724_1_ed25519 privkey=/etc/exim4/dkim/example.com/example.com_20210724_1_ed25519.pem


This works fine for finding the first listing. Or maybe I'm doing this all wrong (even though it works) and there is a better way to do it.

This is on Debian stable with exim-daemon-heavy version 4.92 #3 built 01-May-2021 09:42:39.

Thanks!
Perry