I'm rewriting the Envelope Sender in messages forwarded through one of my machines, where senders outside of my organization send messages to a local account, set to forward the message out to a new recipient outside our organization.
The From: header inside the message doesn't get touched, and if there's no existing Reply-To: header in the message, i copy the original From: hear address, or optionally the envelope sender address (from the MAIL FROM smtp command) into a new Reply-To header. Then for the outbound forwarded message, the envelope sender is changed to a the email address of the local account doing the forwarding, by setting the return_path attribute. There's a problem with this when it comes to domainkey signing. The egress DK signing code seems to still use the domain from the address found in the From: header. Is this a requirement as per the domainkey specs? I wish I could tell the DK signing code to instead use the domain for the local account as the d= attribute in the Domainkey-signature header. It makes no sense to include the original sender's domain in this header when it's NOT a local domain, nor under our control. It's very odd that we can set the selector to use for signing, but not override the domain reported in the domainkey-signature header. Is there a workaround for this? Perhaps a feature being worked on? Am I on crack and just trying to break a rule in the DK spec? - Erik Schorr - Senior Systems Engineer - CIS Data System, Davis, CA -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/