It seems to me that DKIM signing is only normally implemented via
remote_smtp transport in exim4 of Debian based GNU/Linux.
Let's say you have a mail server, it might be for a single domain or it
might be for many domains.
How do you get DKIM to sign every single email, regardless of whether or
not it needs to transit via smtp to another server? If I send to a
different domain (or any that the server is responsible for), but
without needing remote_smtp transport, then emails don't get signed.
I want to do this as I want to use DMARC and force emails to require
both SPF and DKIM signing for every email of any or all domains served
by the mail server. There are a couple of edge cases too, but I'm not
sure I want to go there. One edge case is when you have a device use
SMTP to send an alert via an ISP mail server or other mail server that
is not trusted with a copy of the private key. The other edge case
being emails sent via PHP (with/without Wordpress for example).
I've also played around with using a pipe with "Resent-To" facility, not
sure I want to sign these, really, as the original author may b
problematic; but if I can sign them, then I would use a special selector
for that purpose to help protect reputation.
Any thoughts? Implementation help?
Thanks and Kind Regards
Show replies by date