[exim] Re: autoreply and DKIM signature ?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Chris Siebenmann
Date:  
À: Kurt Jaeger
CC: Chris Siebenmann, exim-users
Sujet: [exim] Re: autoreply and DKIM signature ?
> > As a practical matter, we[*] have observed GMail rejecting email
> > messages with claims that they are doing so because the DKIM signature
> > domain didn't match the From: domain. After observing this, we switched
> > to signing messages with a domain that matched the From: (and generally
> > not signing them if we had no such match, even though we could have
> > signed them as our main domain name).
>
> How do you do that for autoreply mails ? Do you use the exim
> autoreply driver or do you use something else to be able
> to sign it as needed ?


In our SMTP transport, we look up the DKIM domain to sign as in a file,
based on the Mail-From. For example (from a mail submission machine that
doesn't generate local autoreplies or the like):

  dkim_domain = ${if match_domain{${domain:$return_path}}{+local_domains} \
                 {${lookup{${domain:$h_from:}}nwildlsearch{DKIMDOMAINSFILE} {$value} {}}} \
                 {}}


The DKIM domains file allows for wild cards, but normal entries are:
    cs.toronto.edu    cs.toronto.edu


It is deliberate that we only DKIM sign outgoing messages if they have a
Mail-From of a matching domain and an envelope sender that is one of our
domains. You would need to change this so that it accepted the null
envelope sender (this is from a mail submission machine that doesn't
expect to see null senders).

    - cks


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/