Re: [exim] Help with dual-key DKIM

Mon, 26 Jul 2021 10:22:49 -0700 

Thank you all very much for your pointers.

I switched to SQLite with the following schema:

CREATE TABLE `dkim` (
    `domain`    INTEGER NOT NULL,
    `selector`    TEXT,
    `privkey`    TEXT,
    `strict`    INTEGER NOT NULL DEFAULT 0,
    `canon`    TEXT DEFAULT 'relaxed'
);

An example row:

domain=example.com selector=20210724_1_rsa 
privkey=example.com/example.com_20210724_1_rsa.pem strict=0 canon=relaxed

This is my new config:

DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_SELECTOR = <\n ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select 
selector from dkim where domain='$dkim_domain';}{$value}fail}
DKIM_FILE = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select privkey from 
dkim where domain='$dkim_domain' and 
selector='$dkim_selector';}{/etc/exim4/dkim/$value}fail}
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_CANON = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select canon from 
dkim where domain='$dkim_domain' and selector='$dkim_selector';}{$value}fail}
DKIM_STRICT = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select strict from 
dkim where domain='$dkim_domain' and selector='$dkim_selector';}{$value}fail}

This config successfully dual signs messages with both RSA and ed25519 keys. 
Note I am not using sqlite_dbfile because Debian stable has Exim v4.92 at the 
moment.

I originally attempted CDB and couldn't get it all to work, but I like SQLite a 
bit better since it is a bit less tedious to update/edit. It would be nice to 
know if there is a speed difference, though this is a very small, personal mail 
server so it won't matter much in this particular case. I suppose Redis would 
be the fastest, but that is no longer as simple as a single-file DB.

Thanks again,
Perry

On 7/26/21 9:27 AM, Jeremy Harris via Exim-users wrote:

On 26/07/2021 14:16, Graeme Fowler via Exim-users wrote:

So… if there are lines after the first match, they’ll never be reached. As 
Jeremy states, wrong tool for the job.

If you want to persevere with lsearch, make your key (the bit before the colon) 
unique and set multiple values,


The alternative will be something closer to a real database (than the flat file 
accessed
by lsearch), which can return multiple results for a single query.  Sqlite, 
CDB, LMDB, Postgres, etc.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to