List: exim-users
Subject: Re: [exim] Help with dual-key DKIM
From: Perry Naseck via Exim-users <exim-users () exim ! org>
Date: 2021-07-26 17:07:01
Message-ID: 56b1e850-c626-2c72-7812-bd65255e7c83 () perrynaseck ! com
Thank you all very much for your pointers.
I switched to SQLite with the following schema:
CREATE TABLE `dkim` (
`domain` INTEGER NOT NULL,
`selector` TEXT,
`privkey` TEXT,
`strict` INTEGER NOT NULL DEFAULT 0,
`canon` TEXT DEFAULT 'relaxed'
);
An example row:
domain=example.com selector=20210724_1_rsa privkey=example.com/example.com_20210724_1_rsa.pem strict=0 canon=relaxed
This is my new config:
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_SELECTOR = <\n ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select selector from dkim where domain='$dkim_domain';}{$value}fail}
DKIM_FILE = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select privkey from dkim where domain='$dkim_domain' and selector='$dkim_selector';}{/etc/exim4/dkim/$value}fail}
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_CANON = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select canon from dkim where domain='$dkim_domain' and selector='$dkim_selector';}{$value}fail}
DKIM_STRICT = ${lookup sqlite {/etc/exim4/dkim/KeyTable.db select strict from dkim where domain='$dkim_domain' and selector='$dkim_selector';}{$value}fail}
This config successfully dual signs messages with both RSA and ed25519 keys. Note I am not using sqlite_dbfile because Debian stable has Exim v4.92 at the moment.
I originally attempted CDB and couldn't get it all to work, but I like SQLite a bit better since it is a bit less tedious to update/edit. It would be nice to know if there is a speed difference, though this is a very small, personal mail server so it won't matter much in this particular case. I suppose Redis would be the fastest, but that is no longer as simple as a single-file DB.
Thanks again,
Perry
On 7/26/21 9:27 AM, Jeremy Harris via Exim-users wrote:
> On 26/07/2021 14:16, Graeme Fowler via Exim-users wrote:
> > So… if there are lines after the first match, they’ll never be reached. As Jeremy states, wrong tool for the job.
> > If you want to persevere with lsearch, make your key (the bit before the colon) unique and set multiple values,
>
> The alternative will be something closer to a real database (than the flat file accessed by lsearch), which can return multiple results for a single query. Sqlite, CDB, LMDB, Postgres, etc.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
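
Added example, not part of the original message or of Exim: a Python sketch of what the posted lookups return for a dual-key domain, plus an audit of the key table before Exim reads it. The ed25519 row, the function names and the audit rules are assumptions made for illustration; the schema and the /etc/exim4/dkim base directory are taken from the message.

```python
import sqlite3
from pathlib import PurePosixPath

KEY_DIR = PurePosixPath("/etc/exim4/dkim")  # base directory used by the posted DKIM_FILE macro

def build_keytable():
    """In-memory copy of the posted schema, filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dkim (domain INTEGER NOT NULL, selector TEXT, privkey TEXT,"
               " strict INTEGER NOT NULL DEFAULT 0, canon TEXT DEFAULT 'relaxed')")
    rows = [
        ("example.com", "20210724_1_rsa", "example.com/example.com_20210724_1_rsa.pem"),
        # Constructed second row: the ed25519 selector name is an assumption.
        ("example.com", "20210724_1_ed25519", "example.com/example.com_20210724_1_ed25519.pem"),
    ]
    db.executemany("INSERT INTO dkim (domain, selector, privkey) VALUES (?, ?, ?)", rows)
    return db

def selector_list(db, domain):
    """Emulate the DKIM_SELECTOR lookup: one row per line, split by the '<\\n' prefix."""
    cur = db.execute("SELECT selector FROM dkim WHERE domain = ?", (domain,))
    return "\n".join(r[0] for r in cur)

def key_file(db, domain, selector):
    """Emulate DKIM_FILE for one selector; None stands for the lookup's 'fail'."""
    row = db.execute("SELECT privkey FROM dkim WHERE domain = ? AND selector = ?",
                     (domain, selector)).fetchone()
    return str(KEY_DIR / row[0]) if row else None

def audit(db):
    """Return a list of rows that would break or weaken signing."""
    problems, seen = [], set()
    for domain, selector, privkey, strict, canon in db.execute(
            "SELECT domain, selector, privkey, strict, canon FROM dkim"):
        tag = f"{domain}/{selector}"
        if (domain, selector) in seen:
            problems.append(f"{tag}: duplicate row, per-selector lookups return several lines")
        seen.add((domain, selector))
        path = PurePosixPath(privkey or "")
        if not privkey or path.is_absolute() or ".." in path.parts:
            problems.append(f"{tag}: privkey must be a relative path under {KEY_DIR}")
        if canon not in ("relaxed", "simple"):
            problems.append(f"{tag}: unknown canon {canon!r}")
        if strict not in (0, 1):
            problems.append(f"{tag}: strict must be 0 or 1")
    return problems
```

The queries here bind the domain and selector as parameters; inside an Exim expansion the corresponding protection is the `${quote_sqlite:...}` operator around values placed in the SQL string.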