Andreas - On Mon, Oct 16, 2023 at 07:13:28PM +0200, Andreas Metzler wrote: > > severity 941804 normal > > This exim4 bug has taken on increased importance now that gmail requires > > DKIM > > on all (?) incoming messages. > > I do not follow: > > The smarthost transport is typically used by a machine without > permanent internet connection to deliver *to* a smarthost. This > smarthost the does the real delivery using M lookups et al.
Basically right. I'd say "permanent and unimpeded Internet connection". See below. > google cares about the DKIM signature of the latter (the real mailserver). Someone has to add the DKIM signature, tied to the sender address. Google doesn't care where in the relaying chain it got added. > OTOH if you want to use google as smarthost you need to use SMTP AUTH > instead of adding a DKIM signature on your personal PC/laptop. My use case is being stuck behind an ISP's firewall, so the smarthost is supplied by the ISP. When the ISP delivers the mail to gmail, google needs some indication that the mail I sent is really from me. That's where DKIM comes in. I _am_ me, so I can make my exim MTA "sign" the message with DKIM on its way to the smarthost. I don't doubt that other people have different setups. Some will need this configuration fixed, some will not. But before google started enforcing SPF/DKIM/DMARC earlier this year, my smarthost routing approach could succeed without complications. Now it needs DKIM. Fortunately I could make that work -- after applying a local patch to fix this bug. - Larry
