diff options
author | System administrator | 2019-09-25 18:17:16 +0200 |
---|---|---|
committer | System administrator | 2019-09-25 18:17:16 +0200 |
commit | c7ec57a8c280e1ad8280b87de3548373b35b9cec (patch) | |
tree | 2f4267f9cafe7eda66657e34c49d4353f7fde937 | |
parent | c12008af8fbee9b693b7966daa16219afdbea1ae (diff) | |
download | exim-c7ec57a8c280e1ad8280b87de3548373b35b9cec.tar.gz |
transports: tweak dkim-signed headers for mailing lists
-rw-r--r-- | conf.d/040_transports.conf | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf index 543671f..01de429 100644 --- a/conf.d/040_transports.conf +++ b/conf.d/040_transports.conf | |||
@@ -22,16 +22,17 @@ remote_smtp: | |||
22 | 22 | ||
23 | 23 | ||
24 | # Sign outgoing mail with DKIM. | 24 | # Sign outgoing mail with DKIM. |
25 | # Only mail sent by authenticated users is signed, leaving forwarded mail untouched. | 25 | # Only mail sent by authenticated users is signed, leaving forwarded mail |
26 | # The "Sender" header is excluded from the signature process, allowing mailing list | 26 | # untouched. |
27 | # servers to forward messages without invalidating the signature. | 27 | # The "Sender" and "List-*" headers are excluded from the signature process |
28 | # if they are not already present, allowing mailing list servers to forward | ||
29 | # messages without invalidating the signature. | ||
30 | # Default _DKIM_SIGN_HEADERS: | ||
31 | # https://github.com/Exim/exim/blob/042e558/src/src/pdkim/pdkim.h#L29-L36 | ||
28 | # ref: https://www.spinics.net/lists/linux-media/msg138870.html | 32 | # ref: https://www.spinics.net/lists/linux-media/msg138870.html |
33 | # ref: https://lists.gt.net/exim/users/110610#110610 | ||
29 | 34 | ||
30 | .ifdef _DKIM_SIGN_HEADERS | 35 | DKIM_SIGN_HEADERS = From:=Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:=List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:=List-Owner:=List-Archive |
31 | DKIM_SIGN_HEADERS = _DKIM_SIGN_HEADERS | ||
32 | .else | ||
33 | DKIM_SIGN_HEADERS = In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive | ||
34 | .endif | ||
35 | 36 | ||
36 | DKIM_PRIVATE_KEY_FILE = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem | 37 | DKIM_PRIVATE_KEY_FILE = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem |
37 | 38 | ||
@@ -43,7 +44,7 @@ signed_smtp: | |||
43 | dkim_private_key = ${if exists{DKIM_PRIVATE_KEY_FILE}{DKIM_PRIVATE_KEY_FILE}{0}} | 44 | dkim_private_key = ${if exists{DKIM_PRIVATE_KEY_FILE}{DKIM_PRIVATE_KEY_FILE}{0}} |
44 | dkim_canon = relaxed | 45 | dkim_canon = relaxed |
45 | dkim_strict = yes | 46 | dkim_strict = yes |
46 | dkim_sign_headers = ${filter{DKIM_SIGN_HEADERS}{!eq{$item}{Sender}}} | 47 | dkim_sign_headers = DKIM_SIGN_HEADERS |
47 | 48 | ||
48 | 49 | ||
49 | # This transport is used for local delivery to user mailboxes in traditional | 50 | # This transport is used for local delivery to user mailboxes in traditional |