My emails used to be getting signed with DKIM in the header. Now if you check the email source it is not signing.
What is wrong? How can I debug, what logs can I look at?
cat /etc/exim4/conf.d/main/00_local_macros
Returns:
DKIM_CANON = relaxed
DKIM_SELECTOR = mail
DKIM_DOMAIN = ${sg{${lc:${domain:$h_from:}}}{^www\.}{}}
DKIM_FILE = /etc/exim4/keys/${dkim_domain}/mail.private
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
The location of the keys:
ls -la /etc/exim4/keys/example.co.za/
Returns:
-rwxr-x--- 1 Debian-exim Debian-exim 887 Mar 7 17:26 mail.private
-rwxr-x--- 1 Debian-exim Debian-exim 305 Mar 7 17:26 mail.txt
Best Answer
Check your mainlog to verify which transport is delivering your mail (T= lines). The only standard transport that signs email is remote_smtp. If mail is being delivered by a different transport, it won't be signed.
EDIT: I believe this may be where your problem is as ${dkim_domain} likely doesn't contain the value of DKIM_DOMAIN:
Try:
Although I would recommend not sending from www domains so you could define DKIM_DOMAIN as follows. You could use domain rewriting to remove the www portion of the domain, although I would try to avoid getting it there in the first place.
I prefer to use a split configuration, although the single file configuration works if you only have simple modifications. Any changes I make are new files, with new names. I have a couple of modified versions of Exim provided configuration files modified to my needs. This method retains my changes when an Exim upgrade includes configuration changes. In either case, consider using a revision control system to track your changes.
The user id running exim needs to be able to read the key files, and all directories leading to the files. However, it should not be able to write or replace the keys. If you have keys in a dedicated directory you can protect it by changing the mode to 750, changing the owner to root and the group to Debian-exim or whatever group Exim runs as. Protect the keys likewise, but set the mode to 440 or 640.
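
The mainlog check described in the answer, as an added example that is not part of the original post: it tallies deliveries per transport from the T= field and lists those not handled by remote_smtp. The sample log lines are constructed, the function names are hypothetical, and it assumes the default Exim log line layout (no extra log_selector fields before the delivery flag).

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.
# Assumes the default mainlog layout: date, time, message id, flag, address, ...

# Constructed sample lines in Exim mainlog format (not real traffic).
sample_log() {
cat <<'EOF'
2024-03-07 17:30:01 1rhAAA-0001Ab-2C <= web@www.example.co.za U=www-data P=local S=812
2024-03-07 17:30:02 1rhAAA-0001Ab-2C => alice@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.10] C="250 OK"
2024-03-07 17:30:02 1rhAAA-0001Ab-2C Completed
2024-03-07 17:31:10 1rhBBB-0001Cd-3D => bob <bob@example.co.za> R=local_user T=mail_spool
2024-03-07 17:32:44 1rhCCC-0001Ef-4E => carol@example.net R=smarthost T=remote_smtp_smarthost H=relay.example.net [192.0.2.25] C="250 OK"
2024-03-07 17:32:45 1rhCCC-0001Ef-4E -> dave@example.net R=smarthost T=remote_smtp_smarthost H=relay.example.net [192.0.2.25] C="250 OK"
EOF
}

# Print "count transport" for every transport seen on delivery lines (=> and ->).
transport_counts() {
  awk '$4 == "=>" || $4 == "->" {
         for (i = 5; i <= NF; i++)
           if ($i ~ /^T=/) { n[substr($i, 3)]++; break }
       }
       END { for (t in n) print n[t], t }' | sort -k2,2
}

# Print "msgid recipient transport" for deliveries not made by transport $1.
# Local deliveries (lines without an H= field) are listed too.
unsigned_deliveries() {
  awk -v signer="${1:-remote_smtp}" '
    $4 == "=>" || $4 == "->" {
      for (i = 5; i <= NF; i++)
        if ($i ~ /^T=/) {
          if (substr($i, 3) != signer) print $3, $5, substr($i, 3)
          break
        }
    }'
}

# Read the file given as $1 (e.g. the server's mainlog), else the sample above.
log_source() { if [ -r "${1:-}" ] && [ -f "${1:-}" ]; then cat "$1"; else sample_log; fi; }

log_source "${1:-}" | transport_counts
log_source "${1:-}" | unsigned_deliveries remote_smtp
```

Run it with the path to the server's mainlog as the first argument; with no argument it processes the constructed sample.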