I've been scratching my head on this one for a few days now. I'm using Exim 4.72
If I send a message to my exim server where I'm signing the From header, I get: [verification failed - signature did not verify (headers probably modified in transit)] If I resend the same exact message except not signing the From header, I get: [verification succeeded] If I run exim with the -d flag set, and I'm seeing the following in the middle of the DKIM verification process. 10014 rewrite_one_header: type=T: 10014 To: [email protected] 10014 rewrite_one_header: type=F: 10014 From: [email protected] 10014 search_tidyup called 10014 >>Headers after rewriting and local additions: 10014 * Return-Path: <[email protected]> 10014 DKIM-Signature: v=1; a=rsa-sha1; d=client.dkimtest.qa; s=X; c=relaxed/relaxed; ... ... 10014 Date: Fri, 22 Aug 2014 13:46:04 -0400 ... 10014 T To: [email protected] 10014 F From: [email protected] 10014 Subject: Domainkey verification test for node Fri, 22 Aug 2014 13:46:04 -0400 10014 10014 Data file written for message 1XKsuZ-0002bW-M5 Is there any way to disable address rewriting completely? The documentation ( http://www.exim.org/exim-html-4.72/doc/html/spec_html/ch-address_rewriting.html#SECID148) mentions something about no_rewrite, but I can't seem to get that to work. I don't currently have an acl_smtp_dkim section in my conf file, so I'm using default settings there. Maybe there's an option there that I'm missing in the documentation that needs to be set to prevent this? Or if not, is there a way to change when the addresses get rewritten? It seems exim is starting on the DKIM verification, extracts the signature, receives the headers, *rewrites the from and to headers*, then validates the signature against the key in DNS, which fails since we signed the from header which has not been rewritten. Thanks for your help! -Anthony -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
