X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/3b34c7718e74b79167c426a52b52f78bcc5ef600..07417174dc9d0271283aacbe20b1cd73ec374685:/cookbooks/exim/templates/default/exim4.conf.erb

diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb
index df725a8ae..3c4ebd4aa 100644
--- a/cookbooks/exim/templates/default/exim4.conf.erb
+++ b/cookbooks/exim/templates/default/exim4.conf.erb
@@ -678,7 +678,7 @@ smarthost:
 dnslookup:
   driver = dnslookup
   domains = ! +local_domains
-  transport = remote_smtp
+  transport = signed_smtp
   same_domain_copy_routing = yes
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
   no_more
@@ -706,6 +706,19 @@ remote_smtp:
   tls_require_ciphers = <%= node[:ssl][:gnutls_ciphers] %>:%LATEST_RECORD_VERSION
 
 
+# This transport is used for delivering DKIM signed messages over SMTP connections.
+
+signed_smtp:
+  driver = smtp
+  dkim_domain = ${lookup{${domain:$h_from:}}partial-lsearch{/etc/exim4/dkim-domains}{$value}}
+  dkim_selector = ${lookup{$dkim_domain}lsearch{/etc/exim4/dkim-selectors}{$value}}
+  dkim_private_key = /etc/exim4/dkim-keys/${dkim_domain}
+  dkim_identity = ${lc:${address:$h_from:}}
+  # dkim_timestamps = 1209600
+  multi_domain = false
+  tls_require_ciphers = <%= node[:ssl][:gnutls_ciphers] %>:%LATEST_RECORD_VERSION
+
+
 # This transport is used for handling pipe deliveries generated by alias or
 # .forward files. If the pipe generates any standard output, it is returned
 # to the sender of the message as a delivery error. Set return_fail_output