DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_SELECTOR = <\n ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select selector from dkim where domain='$dkim_domain';}{$value}fail}
DKIM_FILE = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select privkey from dkim where domain='$dkim_domain' and selector='$dkim_selector';}{/etc/exim4/dkim/$value}fail}
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_CANON = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select canon from dkim where domain='$dkim_domain' and selector='$dkim_selector';}{$value}fail}
DKIM_STRICT = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select strict from dkim where domain='$dkim_domain' and selector='$dkim_selector';}{$value}fail}
This config successfully dual signs messages with both RSA and ed25519 keys. Note I am not using sqlite_dbfile because Debian stable has Exim v4.92 at the moment.
I originally attempted CDB and couldn't get it all to work, but I like SQLite a bit better since it is a bit less tedious to update/edit. It would be nice to know if there is a speed difference, though this is a very small, personal mail server so it won't matter much in this particular case. I suppose Redis would be the fastest, but that is no longer as simple as a single-file DB.
Thanks again,
Perry
On 7/26/21 9:27 AM, Jeremy Harris via Exim-users wrote: > On 26/07/2021 14:16, Graeme Fowler via Exim-users wrote:
>> So… if there are lines after the first match, they’ll never be reached. As Jeremy states, wrong tool for the job.
>>
>> If you want to persevere with lsearch, make your key (the bit before the colon) unique and set multiple values,
>
> The alternative will be something closer to a real database (than the flat file accessed
> by lsearch), which can return multiple results for a single query. Sqlite, CDB, LMDB, Postgres, etc.
