Can’t get Exim4 to DKIM sign outgoing mail?

DKIM isn’t too hard to setup, but there’s a crucial typo in several tutorials –  including this otherwise excellent one for Debian – which may leave you scratching your head to as why the header with the signature is missing from  your outgoing emails (and with no error messages in Exim’s log.)

Wrong:

DKIM_FILE = /etc/exim4/dkim/example.com-private.pem

Right:

DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.com-private.pem

If you look closely in the remote_smtp config, you’ll see which constants it reads in (dkim_private_key = DKIM_PRIVATE_KEY) – but it’s easy to miss.  Or to put it another way, the names of the constants used don’t matter, provided code elsewhere in the configuration files is looking for the matching definitions.

Other tips:

On Debian, when you run sudo update-exim4.conf, the output is written to /var/lib/exim4/config.autogenerated

If something’s not working, check your changes have been copied there.

You can have a situation where all the split config files (the directories under /etc/exim4/conf.d/) exist, but Exim is running in unsplit mode, so only /etc/exim4/exim4.conf.template will actually be read.  Run sudo dpkg-reconfigure exim4-config to fix this (or check the db_use_split_config line in /etc/exim4/update-exim4.conf.conf)