diff options
| author | System administrator | 2019-09-25 18:17:16 +0200 |
|---|---|---|
| committer | System administrator | 2019-09-25 18:17:16 +0200 |
| commit | c7ec57a8c280e1ad8280b87de3548373b35b9cec (patch) | |
| tree | 2f4267f9cafe7eda66657e34c49d4353f7fde937 | |
| parent | c12008af8fbee9b693b7966daa16219afdbea1ae (diff) | |
| download | exim-c7ec57a8c280e1ad8280b87de3548373b35b9cec.tar.gz | |
transports: tweak dkim-signed headers for mailing lists
| -rw-r--r-- | conf.d/040_transports.conf | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf index 543671f..01de429 100644 --- a/conf.d/040_transports.conf +++ b/conf.d/040_transports.conf | |||
| @@ -22,16 +22,17 @@ remote_smtp: | |||
| 22 | 22 | ||
| 23 | 23 | ||
| 24 | # Sign outgoing mail with DKIM. | 24 | # Sign outgoing mail with DKIM. |
| 25 | # Only mail sent by authenticated users is signed, leaving forwarded mail untouched. | 25 | # Only mail sent by authenticated users is signed, leaving forwarded mail |
| 26 | # The "Sender" header is excluded from the signature process, allowing mailing list | 26 | # untouched. |
| 27 | # servers to forward messages without invalidating the signature. | 27 | # The "Sender" and "List-*" headers are excluded from the signature process |
| 28 | # if they are not already present, allowing mailing list servers to forward | ||
| 29 | # messages without invalidating the signature. | ||
| 30 | # Default _DKIM_SIGN_HEADERS: | ||
| 31 | # https://github.com/Exim/exim/blob/042e558/src/src/pdkim/pdkim.h#L29-L36 | ||
| 28 | # ref: https://www.spinics.net/lists/linux-media/msg138870.html | 32 | # ref: https://www.spinics.net/lists/linux-media/msg138870.html |
| 33 | # ref: https://lists.gt.net/exim/users/110610#110610 | ||
| 29 | 34 | ||
| 30 | .ifdef _DKIM_SIGN_HEADERS | 35 | DKIM_SIGN_HEADERS = From:=Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:=List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:=List-Owner:=List-Archive |
| 31 | DKIM_SIGN_HEADERS = _DKIM_SIGN_HEADERS | ||
| 32 | .else | ||
| 33 | DKIM_SIGN_HEADERS = In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive | ||
| 34 | .endif | ||
| 35 | 36 | ||
| 36 | DKIM_PRIVATE_KEY_FILE = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem | 37 | DKIM_PRIVATE_KEY_FILE = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem |
| 37 | 38 | ||
| @@ -43,7 +44,7 @@ signed_smtp: | |||
| 43 | dkim_private_key = ${if exists{DKIM_PRIVATE_KEY_FILE}{DKIM_PRIVATE_KEY_FILE}{0}} | 44 | dkim_private_key = ${if exists{DKIM_PRIVATE_KEY_FILE}{DKIM_PRIVATE_KEY_FILE}{0}} |
| 44 | dkim_canon = relaxed | 45 | dkim_canon = relaxed |
| 45 | dkim_strict = yes | 46 | dkim_strict = yes |
| 46 | dkim_sign_headers = ${filter{DKIM_SIGN_HEADERS}{!eq{$item}{Sender}}} | 47 | dkim_sign_headers = DKIM_SIGN_HEADERS |
| 47 | 48 | ||
| 48 | 49 | ||
| 49 | # This transport is used for local delivery to user mailboxes in traditional | 50 | # This transport is used for local delivery to user mailboxes in traditional |