9

I am trying to add DKIM to my domain. I have created a key and added the following to `/etc/exim4/conf.d/transport/30_exim4_config_remote_smtp`:

```
dkim_domain = mydomain.com
dkim_selector = mail1
dkim_private_key = /etc/exim4/dkim.key
```

Restarted exim service, tried dpkg-reconfigure, but all emails are sent without signature. /var/log/exim4/panic.log is empty. No errors or anything.

What am I doing wrong? Ubuntu 10.04 LTS

```
### transport/30_exim4-config_remote_smtp
#################################
# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
  helo_data=REMOTE_SMTP_HELO_DATA
.endif

dkim_domain = mydomain.com
dkim_selector = mail1
dkim_private_key = /etc/exim4/dkim.key

.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
```

Log lines for the email:

```
2013-03-21 20:25:14 1UIfUY-0008Tz-1g <= nick@mydomain.com U=nick P=local S=365
2013-03-21 20:25:16 1UIfUY-0008Tz-1g => nick@myemail.com R=dnslookup T=remote_smtp H=ASPMX.L.GOOGLE.com [173.194.79.26] X=TLS1.0:RSA_ARCFOUR_SHA1:16 DN="C=US,ST=California,L=Mountain View,O=Google Inc,CN=mx.google.com"
2013-03-21 20:25:16 1UIfUY-0008Tz-1g Completed
```

firedev
  • Not enough info to go on yet, I suggest you add the following to your description: 1) the full configuration of the router that calls this transport. 2) the full configuration of this transport. 3) the log lines for an email that you send that show it's using the router and transport you think it is. – Todd Lyons Mar 21 '13 at 12:58
  • Here I have added transport config and a piece of `/var/log/exim4/mainlog`, but I am not sure what router is in use since my Exim configuration skills are quite limited. But I didn't change the default configs, only edited the transport file. – firedev Mar 21 '13 at 13:29
  • Have you added the records to the DNS zone? – Kondybas May 15 '15 at 23:16
  • Is your "dkim.key"-file readable for the user exim runs as? – Adrian Zaugg Oct 27 '15 at 00:43
  • Start from the top and follow this guide, https://www.debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4 – Jacob Evans Oct 31 '15 at 15:14

2 Answers

2

I am using a smarthost and I have the following configuration:

`/etc/exim4/conf.d/main/00_local_macros`:

```
DKIM_CANON = relaxed
DKIM_SELECTOR = 12345
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim4/keys/${dkim_domain}/12345.private
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
```

Then in `/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost`:

```
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
```
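The macros in the answer above pick the key by the From: domain and expand `dkim_private_key` to `0` when the file is missing, in which case Exim sends the message unsigned. As an added example (not part of the answer), this shell pre-flight check approximates that lookup for a single-address From: value; the function names and the `KEY_ROOT` and `SELECTOR` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mirrors the answer's DKIM macros outside Exim.
# KEY_ROOT and SELECTOR default to the answer's values; override to test.
KEY_ROOT="${KEY_ROOT:-/etc/exim4/keys}"
SELECTOR="${SELECTOR:-12345}"

# from_domain 'Name <User@Example.ORG>' -> example.org
# Approximates ${lc:${domain:$h_from:}} for a single-address From: value.
from_domain() {
    addr=$(printf '%s' "$1" | sed -n 's/.*<\([^>]*\)>.*/\1/p')
    [ -n "$addr" ] || addr=$1          # bare address, no angle brackets
    case $addr in
        *@*) printf '%s' "${addr##*@}" | tr 'A-Z' 'a-z' ;;
        *)   return 1 ;;
    esac
}

# dkim_key_for 'From value' -> key path, or 0 when no key file exists.
# Same outcome as DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
dkim_key_for() {
    dom=$(from_domain "$1") || { echo 0; return; }
    key="$KEY_ROOT/$dom/$SELECTOR.private"
    if [ -e "$key" ]; then echo "$key"; else echo 0; fi
}

# key_status 'From value' ->
#   signed | unsigned-no-key | unreadable | world-accessible
key_status() {
    key=$(dkim_key_for "$1")
    if [ "$key" = 0 ]; then echo unsigned-no-key; return; fi
    # -r tests the current user, so run this as the user Exim runs as.
    if [ ! -r "$key" ]; then echo unreadable; return; fi
    # Characters 8-10 of the mode string are the "other" permission bits.
    other=$(ls -lL "$key" | cut -c8-10)
    if [ "$other" = "---" ]; then echo signed; else echo world-accessible; fi
}

# Report one line per From: value passed on the command line.
for f in "$@"; do
    printf '%s\t%s\n' "$f" "$(key_status "$f")"
done
```

A `world-accessible` result means the key would still be used for signing, but any local account can read the private key.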
0

I'm not an exim expert, but the guide I found references a macro table, `/etc/exim4/conf.d/main/00_local_macros`, and your configuration references `ifdef DKIM_CANON`.

Try removing the if statements or adding a macros table.

Weak SHA1, but still. DKIM-signing_outgoing_mail_with_exim4

Jacob Evans