[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DKIM and Exim (was Re: Gmail bounce unauthenticated @debian.org addresses)

Hi!

On Fri, 2022-03-04 at 14:36:01 +0000, Colin Watson wrote:
> I reproduced a similar problem, then set up DKIM for myself and
> everything then worked, so I think you're correct.
> 
> The links in the original d-d-a email were mostly stale, but I found
> https://bynicolas.com/server/exim-multi-domain-dkim-custom-selector/
> helpful in getting this going with my local Exim setup.

You might want to also fix the DKIM_SIGN_HEADERS macro in the Exim
config, as its default is currently broken (see #939808). The patch
attached there is not helpful for local usage, so you might want
something like what I've got in my config:

,--- exim4.conf ---
[…]

# The default headers to sign is broken, and includes things that should
# not be signed by default if they are missing, or they will break mailing
# lists.
DKIM_SIGN_HEADERS = \
  From:From:Reply-To:Subject:Subject:Date:Message-ID:To:Cc:MIME-Version:\
  Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:\
  In-Reply-To:References:X-Debbugs-Cc:\
  =Sender:\
  =Resent-Date:=Resent-From:=Resent-Sender:=Resent-To:=Resent-Cc:\
  =Resent-Message-ID:\
  =List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:\
  =List-Owner:=List-Archive

[…]
`---

Thanks,
Guillem
Reply to: