Re: [exim] DKIM signing for multiple domains

Tue, 25 Sep 2018 21:45:14 -0700 

hi!

On 09/25/2018 03:40 PM, Odhiambo Washington via Exim-users wrote:

Suppose I had different dkim_selectors, is there a simple way to work
around that too? :)

Same idea, the option is expandable so you can use a lookup based on
$sender_address_domain
to get the selector.



I've done it the following way, config snippets and script should be 
self explainable. :-)


;=== /etc/exim4/conf.d/main/00_local-config_macros ===
# Enable DKIM
DKIM_DOMAIN = ${sender_address_domain}
#DKIM_DOMAIN = ${lc:${domain:$h_from:}}

DKIM_SELECTOR = 
${lookup{DKIM_DOMAIN}lsearch*{CONFDIR/dkim.d/dkim_selectors}}
DKIM_PRIVATE_KEY = ${if 
exists{CONFDIR/dkim.d/DKIM_DOMAIN.DKIM_SELECTOR.key}{CONFDIR/dkim.d/DKIM_DOMAIN.DKIM_SELECTOR.key}{0}}

DKIM_CANON = relaxed
# we just use the same as Heiko Schlittermann schlittermann.de

DKIM_SIGN_HEADERS = 
In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Cc:Content-Description:Content-ID:Content-Transfer-Encoding:Resent-To

;===

you also will have DKIM towards smarthost.
;=== /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost ===
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
;===

create dkim keys.
;===
!#/bin/bash
DOMAIN=$1
SELECTOR=dflt
KEYSIZE=2048
DKIMDIR=dkim.d
cd /etc/exim4
mkdir $DKIMDIR
openssl genrsa -out $DKIMDIR/$DOMAIN.$SELECTOR.key $KEYSIZE

openssl rsa -in $DKIMDIR/$DOMAIN.$SELECTOR.key -out 
$DKIMDIR/$DOMAIN.$SELECTOR.pub -pubout -outform PEM

echo -e "$DOMAIN:\t$SELECTOR" >> $DKIMDIR/dkim_selectors
chown -R root:Debian-exim $DKIMDIR
chmod 640 $DKIMDIR/*.key
chmod 644 $DKIMDIR/*.pub $DKIMDIR/dkim_selectors
chmod 755 $DKIMDIR
;===

sorry for the linewraps, see also https://wiki.kmp.or.at/EximConfig#DKIM

galiegrü, Klaus

--
Klaus Maria Pfeiffer
chat: xmpp:[email protected]
blog: http://blog.kmp.or.at/
twitter: @hoedlmoser


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to