.option dkim_canon smtp string&!! unset
.option dkim_strict smtp string&!! unset
.option dkim_sign_headers smtp string&!! unset
+.option dkim_hash smtp string&!! sha256
DKIM signing options. For details see section &<<SECDKIMSIGN>>&.
.wen
If it is empty after expansion, DKIM signing is not done.
-.option dkim_selector smtp string&!! unset
+.option dkim_selector smtp string list&!! unset
This sets the key selector string.
-You can use the &%$dkim_domain%& expansion variable to look up a matching selector.
-The result is put in the expansion
+.new
+After expansion, which can use &$dkim_domain$&, this can be a list.
+Each element in turn is put in the expansion
variable &%$dkim_selector%& which may be used in the &%dkim_private_key%&
option along with &%$dkim_domain%&.
-If the option is empty after expansion, DKIM signing is not done.
+If the option is empty after expansion, DKIM signing is not done for this domain.
+.wen
.option dkim_private_key smtp string&!! unset
This sets the private key to use.
signature.
When unspecified, the header names recommended in RFC4871 will be used.
+.new
+.option dkim_hash smtp string&!! sha256
+Can be set alternatively to &"sha1"& to use an alternate hash
+method. Note that sha1 is now condidered insecure, and deprecated.
+.wen
+
.section "Verifying DKIM signatures in incoming mail" "SECID514"
.cindex "DKIM" "verification"
syntactically(!) correct signature in the incoming message.
A missing ACL definition defaults to accept.
If any ACL call does not accept, the message is not accepted.
-If a cutthrough delivery was in progress for the message it is
+If a cutthrough delivery was in progress for the message, that is
summarily dropped (having wasted the transmission effort).
To evaluate the signature in the ACL a large number of expansion variables
projects / user / henk / code / exim.git / blobdiff