[Pkg-exim4-users] Why the DKIM-Signature header isn't created when a mail is relayed to the smarthost ?

Satoru Otsubo trnsnt at otip.jp
Thu Nov 22 08:31:24 UTC 2012 

Hi,
cu andreas

> 
> Hello,
> No rebuild would be necessary, just changing the configuration.
> 

(1)
Based on your information, and
reading /usr/share/doc/exim4-base/README.Debian.gz,
I compared transport/30_exim4-config_remote_smtp_smarthost with transport/30_exim4-config_remote_smtp, of /etc/exim4/exim4.conf.template.
And I found that DKIM-related configurations lack in transport/30_exim4-config_remote_smtp_smarthost.

(2)
Therefore I modified transport/30_exim4-config_remote_smtp_smarthost as follows:

#####################################################
### transport/30_exim4-config_remote_smtp_smarthost
#####################################################

### transport/30_exim4-config_remote_smtp_smarthost
#################################

# This transport is used for delivering messages over SMTP connections
# to a smarthost. The local host tries to authenticate.
# This transport is used for smarthost and satellite configurations.

remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
        {\
        ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
        }\
        {} \
      }
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
  helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
#####################################################
### end transport/30_exim4-config_remote_smtp_smarthost
#####################################################

And
#  /etc/init.d/exim4 restart

(3)
Then, I emailed from the host(a.b.c.d) to check-auth at verifier.port25.com, which automatically sends back the result, along with the original email headers.

And I found the following:
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         permerror (key "x._domainkey.otip.jp" doesn't exist)


And I found a DKIM-Signature header in the original email headers.

(Therefore, I expect that DKIM check will turn into pass after x._domainkey.otip.jp is advertised.)


The procedure (2) is right ?
Will any problems occur by having added the DKIM-related configurations in transport/30_exim4-config_remote_smtp_smarthost ?
Are there any ways other than (2) to attach the DKIM-Signature header ?


Thanks,
Satoru

More information about the Pkg-exim4-users mailing list