AARGHH!!!! Looks like it was a horrible combination of:
- a typo in the name of the key file (so Exim couldn't find it so wasn't signing), and - it appears the debug_print gets actioned before the dkim_domain and dkim_selector options, meaning it's before the variables get their values assigned. Groan! At least I can go home happy now though. Cheers, Mike B-) PS: Jeremy… I'm guessing the "should" should be a "can"? (But not a can-can, of course. 💃💃💃) On 19 January 2016 at 17:25, Mike Brudenell <[email protected]> wrote: > Hi, all - > > I'm sure I must be missing something obvious, but it's defeating me… > > I'm experimenting on a test server, trying to add DKIM signing to messages > going out through a transport named remote_smtp_dkim. That transport looks > like this: > > remote_smtp_dkim: > driver = smtp > dkim_domain = york.ac.uk > dkim_selector = 20160118 > debug_print = remote_smtp_dkim : '$dkim_domain' : '$dkim_selector' > : '/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem' > dkim_private_key = ${if > exists{/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem} \ > > {/etc/exim4/dkim/$dkim_domain-$dkim_selector.pem}} > dkim_canon = relaxed > dkim_strict = false > > (It'll get fancier over time; I'm just trying to get even one message > signed to start with!) > > Sending a message through does not sign it. (And yes, my routers call this > transport! :-) > > Running Exim in Debug mode (with "-d -bd" on the command line) and using > telnet to construct a message through it shows this logging, which includes > the output from the debug_print directive… > > 25638 >>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>> > 25638 --------> [email protected] <-------- > 25638 search_tidyup called > 25638 set_process_info: 25638 delivering 1aLZr4-0006fR-7X: waiting for a > remote delivery subprocess to finish > 25638 selecting on subprocess pipes > 25640 changed uid/gid: remote delivery to [email protected] with > transport=remote_smtp_dkim > 25640 uid=110 gid=118 pid=25640 > 25640 auxiliary group list: <none> > 25640 set_process_info: 25640 delivering 1aLZr4-0006fR-7X using > remote_smtp_dkim > 25640 remote_smtp_dkim : '' : '' : '/etc/exim4/dkim/-.pem' > 25640 remote_smtp_dkim transport entered > … > > Note that where I use debug_print to output the values of $dkim_domain and > $dkim_selector I'm getting empty strings which, coupled with the resulting > non-existent filename, leads to the message not being signed. > > But the Exim Specification says for the dkim_domain and dkim_selector > directives… > > Signing is implemented by setting private options on the SMTP transport. > These options take (expandable) strings as arguments. > > dkim_domain > > MANDATORY: The domain you want to sign with. The result of this expanded > option is put into the $dkim_domain expansion variable. > > dkim_selector > > MANDATORY: This sets the key selector string. You can use the $dkim_domain > expansion variable to look up a matching selector. The result is put in > the expansion variable $dkim_selector which should be used in the > dkim_private_key > option along with $dkim_domain. > > From which I'm expecting the values I set using the options within the > remote_smtp_dkim transport to be available within the matching variables. > But they're not! > > What am I missing? > > Cheers, > Mike B-) > > -- > Systems Administrator & Change Manager > IT Services, University of York, Heslington, York YO10 5DD, UK > Tel: +44-(0)1904-323811 > > Web: www.york.ac.uk/it-services > Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm > -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
