Re: SigningTable

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sun, 21 Feb 2010 13:17:08 -0800 (PST)

On Sun, 21 Feb 2010, SM wrote:
> From the manual, I understand that the format of the file which KeyTable
> points to is:
>
> domain:selector:keypath

The values of entries in the KeyTable look like that, right. "keypath" can
actually also be the actual key data in either base64-encoded DER form or
in PEM form.

> We also need to define a SigningTable file which defines the pattern
> (From: header) to map to entries in the KeyTable. I gather that we can
> use "refile" and not "file" if we want pattern matching.

You can use either. If you use "file" (or actually anything other than a
"refile"), there's a sequence of decreasingly precise things it tries. If
you use "refile", the regular expressions are attempted in order.

> Is the following entry correct:
>
> *_at_example.com:example.com:selector

Not quite.

If you're using "refile", then the regular expression would match but the
third value (the key data) is missing from the above example.

For all other cases, the key "*_at_example.com" isn't one of the ones queried
(see the SigningTable description in opendkim.conf.5.in), and it would be
looking up "example.com:selector" in the KeyTable which probably isn't
what you want.

What you probably want is a SigningTable entry of "example.com" mapping to
some key X (which covers all users in example.com), and then a KeyTable
entry mapping X to "example.com:selector:keydata".
Received on Sun Feb 21 2010 - 21:17:29 PST
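The two-table layout described above (SigningTable maps a sender key or pattern to a key name, KeyTable maps that key name to domain:selector:keypath) is easy to get wrong in exactly the way the question shows. The following Python model is an added illustration written for this archive page; it is not OpenDKIM's own code and does not read opendkim.conf. It assumes a simplified "file"-mode lookup order (full address, then bare domain; real OpenDKIM tries a longer sequence of decreasingly precise keys), treats "refile" patterns as shell-style globs tried in order, and uses constructed table contents with a placeholder key name `examplekey` and a made-up key path. Addresses use a literal `@` where the archive shows `_at_`.

```python
"""Model of how OpenDKIM consults SigningTable and KeyTable (added illustration,
not OpenDKIM code). The "file"-mode candidate sequence below is a simplified
assumption; the table contents are constructed sample data."""
import fnmatch
import re

# Constructed KeyTable: keyname -> domain:selector:keypath (keypath is a placeholder).
KEYTABLE_TEXT = """\
# keyname   domain:selector:keypath
examplekey  example.com:selector:/etc/opendkim/keys/example.com/selector.private
"""

# Recommended layout for a plain "file" SigningTable: the bare domain is the key.
SIGNINGTABLE_FILE_TEXT = """\
# sender-key  keyname
example.com   examplekey
"""

# Same intent expressed as a "refile" SigningTable: wildcard patterns tried in order.
SIGNINGTABLE_REFILE_TEXT = """\
# pattern       keyname
*@example.com   examplekey
"""

# The entry from the question, split at the first space into key and value.
WRONG_SIGNINGTABLE_TEXT = """\
*@example.com   example.com:selector
"""


def parse_table(text):
    """Parse 'key value' lines, skipping blanks and comments; order is preserved."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        entries.append((key, value.strip()))
    return entries


def parse_key_entry(value):
    """Split a KeyTable value into (domain, selector, keypath).

    keypath may be a filename or inline key data (PEM or base64 DER); it is kept as-is."""
    domain, selector, keypath = value.split(":", 2)
    return domain, selector, keypath


def signing_candidates_file(sender):
    """Simplified decreasing-precision key sequence for non-refile tables (assumption)."""
    _local, _, domain = sender.rpartition("@")
    return [sender, domain]


def lookup_signing_key(signing_entries, sender, refile=False):
    """Return the key name the SigningTable selects for sender, or None."""
    if refile:
        # refile: each pattern is tried in file order; first match wins.
        for pattern, keyname in signing_entries:
            if re.match(fnmatch.translate(pattern), sender):
                return keyname
        return None
    # file: only exact keys from the candidate sequence are ever queried.
    table = dict(signing_entries)
    for candidate in signing_candidates_file(sender):
        if candidate in table:
            return table[candidate]
    return None


def resolve_signing_key(sender, signing_entries, key_entries, refile=False):
    """Return {'domain', 'selector', 'keypath'} for sender, or None if no key applies."""
    keyname = lookup_signing_key(signing_entries, sender, refile)
    if keyname is None:
        return None
    keytable = dict(key_entries)
    if keyname not in keytable:
        return None  # SigningTable names a key the KeyTable does not define
    domain, selector, keypath = parse_key_entry(keytable[keyname])
    return {"domain": domain, "selector": selector, "keypath": keypath}


def demo():
    """Compare the recommended layouts with the entry from the question."""
    keytable = parse_table(KEYTABLE_TEXT)
    sender = "alice@example.com"
    return {
        "file_ok": resolve_signing_key(sender, parse_table(SIGNINGTABLE_FILE_TEXT), keytable),
        "refile_ok": resolve_signing_key(sender, parse_table(SIGNINGTABLE_REFILE_TEXT), keytable, refile=True),
        # file mode never queries the key "*@example.com", so nothing is found
        "file_wrong": resolve_signing_key(sender, parse_table(WRONG_SIGNINGTABLE_TEXT), keytable),
        # refile mode matches the pattern but then looks up "example.com:selector" in the KeyTable
        "refile_wrong": resolve_signing_key(sender, parse_table(WRONG_SIGNINGTABLE_TEXT), keytable, refile=True),
        "other_domain": resolve_signing_key("bob@other.example", parse_table(SIGNINGTABLE_FILE_TEXT), keytable),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows both recommended layouts resolving to the example.com/selector key, while the question's one-line entry resolves to nothing in either mode, for the two different reasons the reply gives.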