Re: [exim] DKIM and debian buster...

Mon, 06 Jul 2020 16:11:20 -0700 



On 02/07/2020 23:11, Marco Gaiarin via Exim-users wrote:

I'm used, in exim on debian stretch (4.89-2+deb9u7) add something like:

        DKIM_CANON = relaxed
        DKIM_SELECTOR = 2020
        DKIM_DOMAIN = ${lc:${domain:$h_from:}}
        DKIM_PRIVATE_KEY = ${if 
exists{/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem}{/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem}{0}}

to enable DKIM for selected 'from' addresses in my servers, using predefined
'.ifdef' in predefined debian transports.


I think you can say:

    DKIM_SELECTOR = "2020"


    DKIM_PRIVATE_KEY = 
/etc/exim4/dkim/DKIM_DOMAIN-DKIM_SELECTOR-private.pem



and Exim's business logic will get it correct, i.e. if it finds a key it 
will sign with it otherwise it wont attempt to sign.  The other thing is 
that your key needs to be readable by whatever UID/GID Exim is running as.



I used this approach for several domains up to about 6 months ago and it 
"just worked" for me - I now have everything in a MySQL database and use 
this:



begin transports

#
# This transport is used for delivering messages over SMTP connections
# with DKIM signatures on the outgoing mail for multiple domains that
# are handled dynamically, on-the-fly, from the MySQL database table
# called 'dkim'.
#
# We obtain the domain name from the 'from' header and convert it to lower
# case. We then use this as the key for selecting DKIM attributes.
#
remote_smtp:
        driver = smtp
        dkim_domain = ${lc:${domain:$h_from:}}

        dkim_selector = ${lookup mysql{SELECT selector FROM dkim WHERE 
domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
        dkim_canon = ${lookup mysql{SELECT canon FROM dkim WHERE 
domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
        dkim_hash = ${lookup mysql{SELECT hash FROM dkim WHERE 
domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}
        dkim_private_key = ${lookup mysql{SELECT private_key FROM dkim 
WHERE domain='${quote_mysql:${dkim_domain}}' AND active=1}{$value}{false}}

        dkim_strict = 0



Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to