summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSystem administrator2019-09-25 18:17:16 +0200
committerSystem administrator2019-09-25 18:17:16 +0200
commitc7ec57a8c280e1ad8280b87de3548373b35b9cec (patch)
tree2f4267f9cafe7eda66657e34c49d4353f7fde937
parentc12008af8fbee9b693b7966daa16219afdbea1ae (diff)
downloadexim-c7ec57a8c280e1ad8280b87de3548373b35b9cec.tar.gz
transports: tweak dkim-signed headers for mailing lists
-rw-r--r--conf.d/040_transports.conf19
1 files changed, 10 insertions, 9 deletions
diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf
index 543671f..01de429 100644
--- a/conf.d/040_transports.conf
+++ b/conf.d/040_transports.conf
@@ -22,16 +22,17 @@ remote_smtp:
22 22
23 23
24# Sign outgoing mail with DKIM. 24# Sign outgoing mail with DKIM.
25# Only mail sent by authenticated users is signed, leaving forwarded mail untouched. 25# Only mail sent by authenticated users is signed, leaving forwarded mail
26# The "Sender" header is excluded from the signature process, allowing mailing list 26# untouched.
27# servers to forward messages without invalidating the signature. 27# The "Sender" and "List-*" headers are excluded from the signature process
28# if they are not already present, allowing mailing list servers to forward
29# messages without invalidating the signature.
30# Default _DKIM_SIGN_HEADERS:
31# https://github.com/Exim/exim/blob/042e558/src/src/pdkim/pdkim.h#L29-L36
28# ref: https://www.spinics.net/lists/linux-media/msg138870.html 32# ref: https://www.spinics.net/lists/linux-media/msg138870.html
33# ref: https://lists.gt.net/exim/users/110610#110610
29 34
30.ifdef _DKIM_SIGN_HEADERS 35DKIM_SIGN_HEADERS = From:=Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:=List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:=List-Owner:=List-Archive
31DKIM_SIGN_HEADERS = _DKIM_SIGN_HEADERS
32.else
33DKIM_SIGN_HEADERS = In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
34.endif
35 36
36DKIM_PRIVATE_KEY_FILE = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem 37DKIM_PRIVATE_KEY_FILE = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem
37 38
@@ -43,7 +44,7 @@ signed_smtp:
43 dkim_private_key = ${if exists{DKIM_PRIVATE_KEY_FILE}{DKIM_PRIVATE_KEY_FILE}{0}} 44 dkim_private_key = ${if exists{DKIM_PRIVATE_KEY_FILE}{DKIM_PRIVATE_KEY_FILE}{0}}
44 dkim_canon = relaxed 45 dkim_canon = relaxed
45 dkim_strict = yes 46 dkim_strict = yes
46 dkim_sign_headers = ${filter{DKIM_SIGN_HEADERS}{!eq{$item}{Sender}}} 47 dkim_sign_headers = DKIM_SIGN_HEADERS
47 48
48 49
49# This transport is used for local delivery to user mailboxes in traditional 50# This transport is used for local delivery to user mailboxes in traditional