> > As a practical matter, we[*] have observed GMail rejecting email
> > messages with claims that they are doing so because the DKIM signature
> > domain didn't match the From: domain. After observing this, we switched
> > to signing messages with a domain that matched the From: (and generally
> > not signing them if we had no such match, even though we could have
> > signed them as our main domain name).
>
> How do you do that for autoreply mails? Do you use the exim
> autoreply driver or do you use something else to be able
> to sign it as needed?

In our SMTP transport, we look up the DKIM domain to sign as in a file,
based on the Mail-From. For example (from a mail submission machine that
doesn't generate local autoreplies or the like):

    dkim_domain = ${if match_domain{${domain:$return_path}}{+local_domains} \
        {${lookup{${domain:$h_from:}}nwildlsearch{DKIMDOMAINSFILE} {$value} {}}} \
        {}}

The DKIM domains file allows for wild cards, but normal entries are:

    cs.toronto.edu cs.toronto.edu

It is deliberate that we only DKIM sign outgoing messages if they have a
Mail-From of a matching domain and an envelope sender that is one of our
domains. You would need to change this so that it accepted the null
envelope sender (this is from a mail submission machine that doesn't
expect to see null senders).
- cks
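
An added example, not part of the original message or of Exim: a small Python check that a message's DKIM-Signature d= domain matches its From: domain, which is the condition the thread reports GMail rejecting on. The sample messages are constructed, and the comparison is exact domain equality (it does not model the wildcard entries the domains file allows).

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not taken from the thread).
ALIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    "\th=from:to:subject; bh=AAAA; b=BBBB\n"
    "From: Some User <user@example.com>\n"
    "To: someone@example.org\n"
    "Subject: test\n\nbody\n"
)
MISALIGNED = ALIGNED.replace("user@example.com", "user@example.net")
UNSIGNED = "From: user@example.com\nSubject: test\n\nbody\n"


def signing_domains(msg):
    """Return the lower-cased d= value of every DKIM-Signature header."""
    domains = []
    for raw in msg.get_all("DKIM-Signature", []):
        tags = {}
        # Drop folding whitespace, then split the tag=value list on ';'.
        for part in "".join(str(raw).split()).split(";"):
            if "=" in part:
                name, value = part.split("=", 1)
                tags[name] = value
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains


def from_domain(msg):
    """Domain of the address in the From: header ('' if it cannot be parsed)."""
    addr = parseaddr(str(msg.get("From", "")))[1]
    return addr.rpartition("@")[2].lower()


def check_alignment(raw_message):
    """Classify a message as 'aligned', 'misaligned' or 'unsigned'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    signed_as = signing_domains(msg)
    if not signed_as:
        return "unsigned"
    return "aligned" if from_domain(msg) in signed_as else "misaligned"
```

Run it over copies of outgoing mail captured after the transport to confirm that every signed message carries a signature for its From: domain.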