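I've been struggling to get Exim to sign the mails I send with the Zend2 Mailer class. The class can optionally send over SMTP, which is awesome, since I have everything configured at the MTA level.
However. Mail sent from a client (Thunderbird) gets signed. Mail sent by Zend2's Mailing class does not. Let's start with my Exim version.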

    Exim version 4.76 #1 built 19-Jul-2011 02:56:59
    Copyright (c) University of Cambridge, 1995 - 2007
    Berkeley DB: Berkeley DB 4.7.25: (November 12, 2010)
    Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM Old_Demime
    Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz
    Authenticators: cram_md5 plaintext
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
    Size of off_t: 8
    Configuration file is /etc/exim.conf

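Then the DKIM configuration. I tried looking up the domain in the way shown below, instead of using the $sender_address_domain variable. I read in another Server Fault post that the DATA command might corrupt the envelope, making the sender address something odd. However, that is not the case for me. Both resolve to the actual sender/from address.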

    [rob@server ~]$ exim -bP transports | grep dkim
    dkim_canon = relaxed
    dkim_domain = ${lc:${domain:$h_from:}}
    dkim_private_key = ${if exists{/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain/dkim.private.key}{0}}
    dkim_selector = x
    dkim_sign_headers = MIME-Version:Date:Message-ID:Subject:From:To
    dkim_strict = 0

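The key is there. Sending mail with Thunderbird verifies that the configuration works.
Then I asked myself whether these mails really go through the SMTP server. Turns out: yes, they do. I checked /var/log/exim/mainlog. I now also noticed that the mail from Thunderbird doesn't get a "received mail" log line. I don't know why? Could someone elaborate, if they know why? PHP connects using the SMTP login method with exactly the same SMTP information that Thunderbird uses. Same port, domain, username, password.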
https://framework.zend.com/manual/2.4/en/modules/zend.mail.smtp.options.html#zend-mail-smtp-options

    # This is the mail received from the PHP code.
    2016-11-15 08:28:52 1c6YAm-000154-6p <= [email protected] H=mydomain.com [ipv4.addr] P=esmtpa A=login:[email protected] S=22098 id=26412cc5accb22e5ce03925c7ac38a7c95c398cb19d5736fa41fb565c8dc1254@mydomain.com T="Another day at the office with DKIM..." from <[email protected]> for [email protected]

    # Here it is outbound for its destination. Not signed to be noted.
    2016-11-15 08:28:52 1c6YAm-000154-6p => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=22157 H=gmail-smtp-in.l.google.com [ipv6.addr] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1479194932 yr4si27147042wjc.210 - gsmtp"

    # This is sent with Thunderbird. This gets signed...
    2016-11-15 08:31:47 1c6YDa-0001CM-UY => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=762 H=gmail-smtp-in.l.google.com [ipv6.addr] X=UNKNOWN:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1479195107 s17si1915514wme.47 - gsmtp"

These mails also don't get rejected, nor are they found in the panic log. They both get received by my Gmail account:

    # This is the mail sent from Thunderbird. With DKIM signing.
    Delivered-To: [email protected]
    Received: by 10.80.186.18 with SMTP id g18csp1289759edc; Mon, 14 Nov 2016 23:31:47 -0800 (PST)
    X-Received: by 10.194.248.5 with SMTP id yi5mr384988wjc.11.1479195107193; Mon, 14 Nov 2016 23:31:47 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from myserver.com (myserver.com. [ipv6.addr]) by mx.google.com with ESMTPS id s17si1915514wme.47.2016.11.14.23.31.47 for <[email protected]> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Nov 2016 23:31:47 -0800 (PST)
    Received-SPF: pass (google.com: domain of [email protected] designates ipv6.addr as permitted sender) client-ip=ipv6.addr;
    Authentication-Results: mx.google.com; dkim=pass [email protected]; spf=pass (google.com: domain of [email protected] designates ipv6.addr as permitted sender) [email protected]; dmarc=pass (p=NONE dis=NONE) header.from=mydomain.com
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mydomain.com; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:Subject:From:To; bh=zaNQl8a2eAEHfPVmKMA7RmtMqJ/6huDk4u6pr/tWrqQ=; b=xcDHIzzTWS8hPMxjqbZM0I6b/act/LlweTuNcnZJ9ttEF1dAm37Lzy8zOJz2E2aDTkcQOdCQuC+VyIaXTRzTMJXyzJTUXTgPUPOePsR5XYqqsE0iQRMkDl/Ah650kBHD5drqIrFJwCw5g0aL9OECqTyRO9kwL0DQJX/mKcTkLtiiIs7Z7G77ZwWhJpFm/duoQARtZZ1UZFu42/Vbl+V8vSoWbXoZBpg+WBGucWJoGq+hb5zILxwsMPcbrIu+avBjjoUdLVP9YMFiPC3nK+7zOGBWOO7x6QoHQmO8uo0P88E52Sm9ZJGgLQOCfFCMjCnv4IMemj/GSe25Sf8PKah/Xg==;
    Received: from 159-032-128-083.dynamic.caiway.nl ([83.128.32.159] helo=[192.168.1.108]) by myserver.com with esmtpsa (UNKNOWN:AES128-SHA:128) (Exim 4.76) (envelope-from <[email protected]>) id 1c6YDa-0001CM-UY for [email protected]; Tue, 15 Nov 2016 08:31:46 +0100
    To: Rob van der Lee <[email protected]>
    From: Rob van der Lee <[email protected]>
    Subject: Dit is een verzonden mail via account
    Message-ID: <[email protected]>
    Date: Tue, 15 Nov 2016 08:31:46 +0100
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8; format=flowed
    Content-Transfer-Encoding: 7bit

    Dit is echt een test.

And here is the mail sent from PHP, which did not get signed.

    Delivered-To: [email protected]
    Received: by 10.80.186.18 with SMTP id g18csp1288906edc; Mon, 14 Nov 2016 23:28:52 -0800 (PST)
    X-Received: by 10.28.170.134 with SMTP id t128mr2009669wme.29.1479194932632; Mon, 14 Nov 2016 23:28:52 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from myserver.com (myserver.com. [ipv6.addr]) by mx.google.com with ESMTPS id yr4si27147042wjc.210.2016.11.14.23.28.52 for <[email protected]> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Nov 2016 23:28:52 -0800 (PST)
    Received-SPF: pass (google.com: domain of [email protected] designates ipv6.addr as permitted sender) client-ip=ipv6.addr;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates ipv6.addr as permitted sender) [email protected]; dmarc=pass (p=NONE dis=NONE) header.from=mydomain.com
    Received: from mydomain.com ([37.97.128.104]) by myserver.com with esmtpa (Exim 4.76) (envelope-from <[email protected]>) id 1c6YAm-000154-6p for [email protected]; Tue, 15 Nov 2016 08:28:52 +0100
    Date: Tue, 15 Nov 2016 07:28:52 +0000
    To: [email protected]
    From: Rob van der Lee <[email protected]>
    Sender: Rob van der Lee <[email protected]>
    Subject: Another day at the office with DKIM...
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="=_7ebb8a8d12984c5cc3f5fbf995b1b4ad"
    Message-ID: <26412cc5accb22e5ce03925c7ac38a7c95c398cb19d5736fa41fb565c8dc1254@mydomain.com>

    This is a message in Mime Format. If you see this, your mail reader does not support this format.

    --=_7ebb8a8d12984c5cc3f5fbf995b1b4ad
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit

    ... content of mail in text and then html, left it out since not relevant.

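Why won't Exim sign this mail? As seen in the log file, both mails go out via T=remote_smtp, and according to my MTA configuration all outbound mail sent via remote_smtp should be signed.
Other than that, the mail does actually get sent and arrives in the mailbox. Hope I can learn from this.
Update:
Following Daniel's suggestion, I tried resolving the domain, handling the SMTP requests, internally, rather than having my provider handle this for me. This didn't help; messages are still sent unsigned.
The logs also look the same as the ones shown above.
Dig request for the old situation: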

    ;; QUESTION SECTION:
    ;mydomain.com. IN NS

    ;; ANSWER SECTION:
    mydomain.com. 86400 IN NS ns1.transip.nl.
    mydomain.com. 86400 IN NS ns2.transip.eu.
    mydomain.com. 86400 IN NS ns0.transip.net.

Dig request for the new situation:

    ;; QUESTION SECTION:
    ;mydomain.com. IN NS

    ;; ANSWER SECTION:
    mydomain.com. 14400 IN NS ns2.myserver.com.
    mydomain.com. 14400 IN NS ns1.myserver.com.

Update with answer:
I also filed a bug ticket on the Exim bug tracker. I figured I'd get some expert help; Jeremy Harris pointed me in the right direction.
Jeremy Harris 2016-11-15 14:58:55 GMT
First, if you're running Exim 4.76 - update it. Then, assuming the problem still exists: restart your daemon with a commandline debug option, collecting output. Feed it a test mail. Examine the debug output, which shows the processing flow for the message. Compare with your config and work out where it differs from what you expected.
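I did what he told me. After updating, I found the problem still existed. I fed it 2 mails in debugging mode. One signed, the other unsigned.
I started comparing carefully and noticed that the bodies of both mails started being fed to PDKIM (Exim's DKIM library). Then I found that my unsigned mail did not have the body closure that the signed message had.
I felt this had something to do with the content. So from the PHP side I sent a mail with just one line of text. This got signed…
Solution? Word wrap! I hadn't thought of this before! I really don't feel that smart right now. That's because I actually know this. The RFC 2646 specification tells us all about it.
Hope this post helps someone else. It was a nice journey, with the stupid problem being my implementation.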
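
A pre-send check for the cause found above, added here as an example (it is not code from the original post or from Exim): it lists body lines longer than the RFC 5322 limit and shows that hard-wrapping removes them. The function names, the sample message and the use of the 998/78 limits are assumptions; the post does not say which line length made the signer skip the message.

```python
import textwrap

RFC5322_HARD_LIMIT = 998  # characters per line, CRLF excluded (RFC 5322, 2.1.1)
RFC5322_SOFT_LIMIT = 78   # recommended maximum from the same section

# Constructed sample headers; addresses use the reserved .test TLD.
HEADERS = (
    b"From: sender@example.test\r\n"
    b"To: rcpt@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=UTF-8\r\n"
    b"Content-Transfer-Encoding: 8bit\r\n"
)

def build_raw(body_text):
    """Assemble headers and body with CRLF line endings, as sent in SMTP DATA."""
    lines = body_text.splitlines()
    return HEADERS + b"\r\n" + "\r\n".join(lines).encode("utf-8") + b"\r\n"

def long_body_lines(raw, limit=RFC5322_HARD_LIMIT):
    """Return (line_number, octet_length) for each body line longer than limit."""
    _, _, body = raw.partition(b"\r\n\r\n")
    return [(n, len(line))
            for n, line in enumerate(body.split(b"\r\n"), start=1)
            if len(line) > limit]

def wrap_body(body_text, width=76):
    """Hard-wrap every paragraph, keeping the line breaks already present."""
    wrapped = []
    for paragraph in body_text.splitlines():
        # textwrap counts characters, not octets; at width 76 even
        # multi-byte UTF-8 text stays far below the 998 hard limit.
        wrapped.extend(textwrap.wrap(paragraph, width=width) or [""])
    return "\n".join(wrapped)

# Constructed body: one short line, then a single 1500-character line.
UNWRAPPED = "Short first line.\n" + "word " * 300

if __name__ == "__main__":
    print("before:", long_body_lines(build_raw(UNWRAPPED)))
    print("after: ", long_body_lines(build_raw(wrap_body(UNWRAPPED)),
                                     RFC5322_SOFT_LIMIT))
```

In the PHP sender the same wrap can be applied with wordwrap() before the body is handed to the mailer.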
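(I can't comment, so this isn't really an answer, but I hope it helps)
A while ago I worked on the same problem, and it gave me quite a headache. In my case I had two name servers, one on the outside at the hosting company, and another running on the server, handling internal naming. (As you seem to be Dutch: a TransIP VPS with cPanel and the domain handled on the TransIP side.)
Now on the external DNS I had DKIM set up, so it worked in most cases, but not for my PHP mail function, so I needed to set it up in the internal (cPanel) DNS to make it work for PHP.
(Also, while I was looking into this problem there was something about 7bit and 8bit content transfer encoding, but that didn't make a difference in my case)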