
Re: DKIM, multiple domains, same server -- want to always sign, not just for remote delivery



Hi.

On Thu, Aug 22, 2019 at 07:27:23PM +1000, Andrew McGlashan wrote:
> I have DKIM setup, however, it only signs messages that are being
> delivered via SMTP to another server.

Your DKIM policy is somewhat unusual. You sign transport headers
(Resent-From et al) and headers inserted by the list MTA (List-Subscribe,
List-Archive). Modification of these is something that's expected if
using any maillist, so DKIM checks are bound to fail.

For comparison, I use this set of headers for DKIM signing:

DKIM_SIGN_HEADERS=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Sender:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:User-Agent


Also, "Autocrypt: prefer-encrypt=mutual" for a list mail?

> Why is it not valid to sign to the same domain name and/or other
> domain names served by the same mail server and NOT having to make an
> SMTP outgoing connection?

Because stock exim4 macros are supposed to do so for remote MTAs only,
see /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp*.


> How can I adjust exim4 so that it will sign ALL outgoing emails, even
> if "outgoing" is only to the same server to another within the same
> and/or different domain name(s) ... ?

No easy way of doing this. "Outgoing to the same server" equals "local
delivery", and local delivery is run for any inbound mail too.
You could write some kludge that calls DKIM signing by analyzing the
Received header, but that's fragile at best.

Reco
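The point about signing List-* and Resent-* headers can be shown with a small model of what a list MTA does to the signed header set. The script below is an added example and is not part of the original thread or of exim4; the sample headers, the list-MTA behaviour (it inserts List-Subscribe and List-Archive and touches nothing else) and the "volatile set" are constructed for illustration. It only builds and hashes the header portion of the DKIM hash input under relaxed canonicalization (RFC 6376 sections 3.4.2 and 3.7), not a complete signature, which is enough to see whether the list's changes break the signed input.

```python
"""Show why signing List-*/Resent-* headers breaks DKIM at a mailing list.

Added example, not code from the original thread. The header set in
RECO_HEADERS is the one quoted in the reply above; everything else here
(sample message, list-MTA model, VOLATILE_HEADERS) is constructed.
"""
import hashlib
import re

# Reco's recommended h= set, copied from the reply above.
RECO_HEADERS = ("In-Reply-To:Content-Type:MIME-Version:References:Message-ID:"
                "Subject:To:From:Date:Sender:Cc:Content-Transfer-Encoding:"
                "Content-ID:Content-Description:User-Agent")

# Assumed "unusual" set: the same headers plus list/transport fields.
VOLATILE_HEADERS = RECO_HEADERS + ":List-Subscribe:List-Archive:Resent-From"

# Constructed sample: the message as it leaves the author's MTA.
ORIGINAL = [
    ("From", "Andrew <andrew@example.org>"),
    ("To", "debian-user@example.net"),
    ("Subject", "DKIM, multiple domains, same server"),
    ("Date", "Thu, 22 Aug 2019 19:27:23 +1000"),
    ("Message-ID", "<20190822092723.example@example.org>"),
    ("MIME-Version", "1.0"),
    ("Content-Type", "text/plain; charset=utf-8"),
]


def after_list_mta(headers):
    """Constructed model of a list MTA: it leaves the author's headers
    alone and inserts List-* fields before redistributing the message."""
    return headers + [
        ("List-Subscribe",
         "<mailto:debian-user-request@example.net?subject=subscribe>"),
        ("List-Archive", "<https://lists.example.net/debian-user/>"),
    ]


def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)     # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse WSP, trim ends
    return f"{name.lower()}:{value}\r\n"


def signed_header_input(headers, h_tag):
    """Header part of the hash input selected by an h= tag (RFC 6376 3.7).

    Each name in h= takes the last not-yet-used instance of that field,
    searching from the bottom. A name with no instance contributes nothing,
    so a field the list MTA adds later changes the input and the hash.
    """
    remaining = list(headers)
    out = []
    for name in h_tag.split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                out.append(relaxed_header(*remaining.pop(i)))
                break
    return "".join(out)


def header_hash(headers, h_tag):
    """SHA-256 of the header portion only (not a full DKIM signature)."""
    return hashlib.sha256(signed_header_input(headers, h_tag).encode()).hexdigest()


def survives_list(h_tag, headers=ORIGINAL):
    """True if the signed header input is unchanged after the list MTA."""
    return header_hash(headers, h_tag) == header_hash(after_list_mta(headers), h_tag)


def volatile_in_h_tag(h_tag):
    """Names in h= belonging to the families the reply calls out."""
    return [n for n in h_tag.split(":")
            if n.lower().startswith(("list-", "resent-"))]


if __name__ == "__main__":
    print("Reco's set survives the list:", survives_list(RECO_HEADERS))
    print("Volatile set survives the list:", survives_list(VOLATILE_HEADERS))
    print("Volatile names in h=:", volatile_in_h_tag(VOLATILE_HEADERS))
```

Running it prints True for the recommended set and False for the one that also names List-Subscribe and List-Archive: those names select nothing when the author's MTA signs, and select the list's freshly inserted fields when a recipient verifies, so the hashed input no longer matches. The same check can be pointed at a real message by reading the h= tag out of its DKIM-Signature header.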

