Bug#625782: exim4-config: dkim should not try sign when forwarding

Andrew Pimlott andrew at pimlott.net
Thu May 5 21:40:25 UTC 2011 

Package: exim4-config
Version: 4.72-6
Severity: normal

I have dkim signing enabled using the debian DKIM_* macros.  When mail
is forwarded using .forward, exim still tries to look up a key for the
domain.  When it fails, it logs a warning that goes both to mainlog and
paniclog.  (I think the latter is a separate issue, bug 567876.)

I can't immediately figure out how to disable signing for forwarded
messages.  If you can give me a hint as to how I might accomplish this,
I'll try to work it out.  It seems like this should be the default,
since forwarded mails are not generally from a domain I control, and
they should have already been signed upstream.

Andrew

-- Package-specific info:
Exim version 4.72 #1 built 31-Jan-2011 19:18:05
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.8.30: (April  9, 2010)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.6
GnuTLS runtime version: 2.8.6
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to replace
# the DEBCONFsomethingDEBCONF strings in the configuration template files.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='internet'
dc_other_hostnames='pimlott.net;madstop.net'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:pimlott.net

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.5-xenU (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages exim4-config depends on:
ii  adduser                       3.112+nmu2 add and remove users and groups
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy

exim4-config recommends no packages.

exim4-config suggests no packages.

-- Configuration Files:
/etc/exim4/conf.d/auth/30_exim4-config_examples changed:
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
PASSWDLINE=${sg{\
                ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
	        }\
	        {\\N[\\^]\\N}\
	        {^^}\
	    }
plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "<; ${if !eq{$tls_cipher}{}\
                    {^${extract{1}{:}{PASSWDLINE}}\
		     ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
		   }fail}"
.else
  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
		    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  # Return empty string if not non-TLS AND looking up $host in passwd-file
  # yields a non-empty string; fail otherwise.
  client_send = "<; ${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq{PASSWDLINE}{}}\
                         }\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
		 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
  # Return empty string if looking up $host in passwd-file yields a
  # non-empty string; fail otherwise.
  client_send = "<; ${if !eq{PASSWDLINE}{}\
                      {}fail}\
                 ; ${extract{1}{::}{PASSWDLINE}}\
		 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif

/etc/exim4/passwd.client [Errno 13] Permission denied: u'/etc/exim4/passwd.client'

-- debconf information:
* exim4/dc_other_hostnames: pimlott.net;madstop.net
* exim4/dc_eximconfig_configtype: internet site; mail is sent and received directly using SMTP
  exim4/dc_noalias_regenerate: false
  exim4/no_config: true
  exim4/hide_mailname:
* exim4/dc_postmaster: andrew
  exim4/dc_smarthost:
* exim4/dc_relay_domains:
* exim4/dc_relay_nets:
* exim4/mailname: pimlott.net
  exim4/dc_readhost:
* exim4/use_split_config: true
  exim4/exim4-config-title:
* exim4/dc_localdelivery: mbox format in /var/mail/
* exim4/dc_local_interfaces:
* exim4/dc_minimaldns: false

More information about the Pkg-exim4-maintainers mailing list