Debian – Exim4 doesn’t add DKIM signatures

I cannot overcome a problem with exim – it's not adding DKIM headers to my outgoing mail.

support:~# cat /etc/issue
Debian GNU/Linux 7 \n \l
support:~# dpkg -l|grep exim
ii  exim4                                4.80-7                        all          metapackage to ease Exim MTA (v4) installation

I have generated a key and added it to DNS

support:~# ll /etc/exim4/dkim/
/root
total 16K
-r--r----- 1 Debian-exim Debian-exim  887 Jan 21 22:39 mmdsmart.com.key
-r--r----- 1 Debian-exim Debian-exim  299 Jan 21 22:39 mail.txt

support:/etc/exim4/dkim# openssl rsa -in mmdsmart.com.key -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6HZSRvbNUuWnQEVSY5MfSWEn+
BkgcKD2bA0IOrIgiUef93QdpTDqU1zmVg2ozfBUfWx5gqhmvpt0pg7urClWCvEZn
hOfR8mLatgTCs5BuPCVFNbAwKbsahwQ6JYxCcieaCpRP3roqPdbcU1qGhEkyECu1
hQ7nnIEejYXIpC4l9wIDAQAB
-----END PUBLIC KEY-----

support:/etc/exim4/dkim# cat mail.txt
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6HZSRvbNUuWnQEVSY5MfSWEn+BkgcKD2bA0IOrIgiUef93QdpTDqU1zmVg2ozfBUfWx5gqhmvpt0pg7urClWCvEZnhOfR8mLatgTCs5BuPCVFNbAwKbsahwQ6JYxCcieaCpRP3roqPdbcU1qGhEkyECu1hQ7nnIEejYXIpC4l9wIDAQAB" ; ----- DKIM key mail for mmdsmart.com

support:/etc/exim4/dkim# dig txt mail._domainkey.mmdsmart.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> txt mail._domainkey.mmdsmart.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20983
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail._domainkey.mmdsmart.com.  IN  TXT

;; ANSWER SECTION:
mail._domainkey.mmdsmart.com. 1603 IN   TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6HZSRvbNUuWnQEVSY5MfSWEn+BkgcKD2bA0IOrIgiUef93QdpTDqU1zmVg2ozfBUfWx5gqhmvpt0pg7urClWCvEZnhOfR8mLatgTCs5BuPCVFNbAwKbsahwQ6JYxCcieaCpRP3roqPdbcU1qGhEkyECu1hQ7nnIEejYXIpC4l9wIDAQAB"

;; Query time: 2 msec
;; SERVER: 77.247.176.114#53(77.247.176.114)
;; WHEN: Wed Jan 21 23:14:52 2015
;; MSG SIZE  rcvd: 293

After I added stuff to transport (there are tons of manuals over the internets how to configure exim+dkim)

DKIM_DOMAIN = ${lc:${domain:$h_from:}}
dkim_selector = mail
DKIM_FILE = /etc/exim4/dkim/${lc:${domain:$h_from:}}.key
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
dkim_canon = simple

Here's what I have in my cfgs:

support:/etc/exim4# grep -r dkim_private_key *
conf.d/transport/30_exim4-config_remote_smtp:dkim_private_key=/etc/exim4/dkim/mmdsmart.com.key
exim4.conf.template:dkim_private_key=/etc/exim4/dkim/mmdsmart.com.key

And this is what I see from exim:

support:/etc/exim4# exim -bP transports|grep dkim
dkim_canon =
dkim_domain =
dkim_private_key =
dkim_selector =
dkim_sign_headers =
dkim_strict =
dkim_canon =
dkim_domain =
dkim_private_key =
dkim_selector =
dkim_sign_headers =
dkim_strict =

Exim info:

support:~# exim -bV
Exim version 4.80 #3 built 02-Jan-2013 19:40:22
Copyright (c) University of Cambridge, 1995 - 2012
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

Best Answer

I had the same problem, here is my fix:

Add the following lines to /etc/exim4/conf.d/transport/10_exim4-config_transport-macros

#DKIM STUFF
DKIM_FILE = /etc/exim4/dkim/${lc:${domain:$h_from:}}.pem
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_SELECTOR = mail
DKIM_CANON = relaxed
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

Note: your certificates must reside in the /etc/exim4/dkim/ directory for this to work.

Then in /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp

### transport/30_exim4-config_remote_smtp
#################################
# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain - dkim-file $DKIM_FILE"
  driver = smtp
  dkim_domain = ${lc:${domain:$h_from:}}
  dkim_private_key = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
  dkim_selector = mail
  dkim_canon = relaxed
  dkim_sign_headers = true

.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
  hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif

.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif

.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif

.ifdef REMOTE_SMTP_HELO_FROM_DNS
  helo_data=REMOTE_SMTP_HELO_DATA
.endif

Exim now signs all of my outbound mail for each domain correctly.

Best Answer

Related Solutions

Exim DKIM Error: DKIM: signing failed (RC -101) no matter what private key I try

Publishing long domain key records in bind9

Related Topic