Exclude Sender header from DKIM signing

author: pacien 2018-09-03 03:48:13 +0200
committer: pacien 2018-09-03 03:48:13 +0200
commit: c4c5865bb0c866ca1607d799c43b741614d1db6f (patch)
tree: fef31526d3bb2eb984baa2b7636cd3a09bba8636
parent: 6384276facbbeb8d3748243a884e6aa96e8aec0e (diff)
download: exim-c4c5865bb0c866ca1607d799c43b741614d1db6f.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf
index 8d57ecc..94d9b88 100644
--- a/conf.d/040_transports.conf
+++ b/conf.d/040_transports.conf
@@ -21,6 +21,11 @@ remote_smtp:
  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+# Sign outgoing mail with DKIM.
+# Only mail sent by authenticated users is signed, leaving forwarded mail untouched.
+# The "Sender" header is excluded from the signature process, allowing mailing list
+# servers to forward messages without invalidating the signature.
+# ref: https://www.spinics.net/lists/linux-media/msg138870.html
 signed_smtp:
  driver             = smtp
  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
@@ -29,6 +34,7 @@ signed_smtp:
  dkim_private_key   = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem
  dkim_canon         = relaxed
  dkim_strict        = yes
+  dkim_sign_headers  = ${filter{_DKIM_SIGN_HEADERS}{!eq{$item}{Sender}}}
 # This transport is used for local delivery to user mailboxes in traditional
author	pacien	2018-09-03 03:48:13 +0200
committer	pacien	2018-09-03 03:48:13 +0200
commit	c4c5865bb0c866ca1607d799c43b741614d1db6f (patch)
tree	fef31526d3bb2eb984baa2b7636cd3a09bba8636
parent	6384276facbbeb8d3748243a884e6aa96e8aec0e (diff)
download	exim-c4c5865bb0c866ca1607d799c43b741614d1db6f.tar.gz