[exim] Re: autoreply and DKIM signature ?

Góra strony
Delete this message
Reply to this message
Autor: Kurt Jaeger
Data:  
Dla: Jeremy Harris
CC: exim-users
Temat: [exim] Re: autoreply and DKIM signature ?
Hi!

> On 14/08/2024 14:31, Kurt Jaeger via Exim-users wrote:
> > The problem is that the autoreply driver looses the information
> > on which sender is used to send out the mail (envelope-from is <>
> > to avoid mail-loops).
>
> More to the point, there *is no* sender.


I understand, this avoids mail-loops. But the auto-reply
has the correct Mail-From (!), so it has the correct info somewhere ?

> It is your choice what to use for a domain for signing with
> (assuming you have keys...). The "main" domain for the
> operator of the MTA might be a good one.


Our setup has individual keys per domain on the same host.

So: user1@domain1 has an autoreply, and the autoreply
should be signed with dkim for domain1.

user2@domain2 has an autoreply, and that autoreply
should be signed with dkim for domain2.

The mail-from is correct in those cases (!), but autoreply
has no way to know which one is used...

Interestingly:

https://stackoverflow.com/questions/50371039/does-dkim-verify-smtp-envelope-from-or-the-mail-header-from

points to

https://en.wikipedia.org/wiki/DMARC#Alignment

which says: DMARC checks Mail-From. In the above case
that would not work, as autoreply has the correct Mail-From,
but the envelope-from is <>.

That why I think that the autoreply method should have some
way to find the domain from the mail-from. I can try to parse
it from the autogenerated mail, but this looks complicated.

-- 
pi@???            +49 171 3101372                    Now what ?


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/