Folks, We experienced a regression in Exim with the 4.90 upgrade, which affected exim.org mail. As a result, all mail generated by the exim.org box which was sent out from a domain other than exim.org itself was not sent.
Instead, the mail was queued as having a temporary problem, and then eventually bounced. This affects: * buganizer * cron job output * probably other things since Exim was updated to 4.90 on December 22nd, 2017. The regression is that "dkim_private_key" being set to false does not currently override "dkim_strict" and so instead of being sent unsigned, the mail sending fails. I have: * added a DKIM signing key for bugs.exim.org; * changed the configuration so that dkim_strict is based upon the same logic as dkim_private_key, so that it's only set to '1' if we will be signing; * filed bug 2220 about this regression in Exim <https://bugs.exim.org/show_bug.cgi?id=2220>; I'm currently recovering from fever so am not diving into the Exim codebase to fix this myself. That's my excuse and I think it's a good one. *coughcoughhack* (I was honestly apprehensive about changing system configs, or logging in as root, in my current state.) For elucidation, this is our current remote_smtp configuration on the exim.org box: remote_smtp: driver = smtp rcpt_include_affixes tls_require_ciphers = ALL:-SSLv3:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP # hosts_try_chunking = dnssec_request_domains = * hosts_try_dane = * hosts_try_fastopen = * dkim_domain = ${domain:$sender_address} dkim_selector = ${lookup {$dkim_domain}lsearch{/etc/exim/dkim/domains-mapping} {$value}{SKIP}} dkim_private_key = ${if eq{$dkim_selector}{SKIP}{false}{/etc/exim/dkim/rsa.private.$dkim_selector.$dkim_domain}} dkim_strict = ${if eq{$dkim_selector}{SKIP}{0}{1}} Regards, -Phil
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
