Thursday, September 22, 2016

dmarc - How to set Exim envelope domain to From domain



I've set up DKIM on Exim with the domain set like:




DKIM_DOMAIN = ${sender_address_domain}


However, the domain is always set to the same domain (my primary domain), which causes DMARC validation to fail, because of alignment, when sending emails for other domains (I host several websites).



From reading the documentation, I think the sender_address_domain is the envelope address and not the From field. How can I change the envelope address so that it matches the From field of a given email (I assume this will also allow SPF alignment to be correct)?



Also, for security, is it possible to have a whitelist of allowable domains, so Exim refuses to send emails that have another domain in the From field?


Answer




Add the rewrite rule:



*       "$header_from:" F


In debian this can be added by creating a file such as /etc/exim4/conf.d/rewrite/10_from_rewrite. This rule rewrites the sender field to match the From header, allowing DMARC alignment to work correctly.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...