Re: Using KeyTable, or not?

From: Alessandro Vesely <vesely_at_tana.it>
Date: Fri, 21 May 2010 10:19:29 +0200

On 20/May/10 21:06, Todd Lyons wrote:
> What obvious thing(s) am I missing? What does opendkim need different
> in this configuration for it to sign emails submitted to a mailman
> mailing list? And what does opendkim need different in this
> configuration for it to start when I tell it to use KeyTable? I
> suspect I need to somehow incorporate the SigningTable function, but
> the description of that does not make sense to me yet.

List signatures have to be different from regular MSA ones. One may
set up a list-dedicated server. Alternatively, isn't it feasible to
sign messages using a script, i.e. before queuing them? It could be
done with the opendkim binary, using commands similar to the ones in
its test suite. Actually, I only use the opendkim library, and don't
have mailman, so please accept my apologies if my suggestion doesn't
make sense on your server.

I'd go for using the "i=" tag with the List-ID value. For this list,
for example, it would be "i=opendkim-users_at_lists.opendkim.org". Such
a convention would allow a verifier to distinguish an original /List
Domain Signature/ from those added by forwarders, if any.

Received on Fri May 21 2010 - 08:19:38 PST
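
A verifier-side check for the "i=" convention proposed in the message above, added here as an example (not part of the original message and not OpenDKIM code). It assumes the signatures have already verified cryptographically and that the verifier knows the list's expected "i=" identity; the sample headers, selector names and forwarder.example are constructed, and "@" is written out as DKIM requires.

```python
import re

def parse_tags(value):
    """Parse a DKIM-Signature tag-list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Drop folding whitespace; sufficient for the d=, i= and s= tags.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def classify(sig_value, list_identity):
    """Label one signature that has ALREADY passed cryptographic verification.

    list_identity is the address the list is assumed to use in i=
    (an assumption of this example, following the convention above).
    """
    tags = parse_tags(sig_value)
    d = tags.get("d", "").lower()
    # RFC 6376: when i= is absent it defaults to "@" followed by the d= value.
    i = tags.get("i", "@" + d)
    local, _, idom = i.rpartition("@")
    idom = idom.lower()
    # RFC 6376: the i= domain must equal d= or be a subdomain of it.
    if not d or not (idom == d or idom.endswith("." + d)):
        return "invalid"
    want_local, _, want_dom = list_identity.rpartition("@")
    if local == want_local and idom == want_dom.lower():
        return "list"
    return "other"

LIST_IDENTITY = "opendkim-users@lists.opendkim.org"

# Constructed sample headers; bh= and b= values are placeholders.
SAMPLES = [
    "v=1; a=rsa-sha256; d=lists.opendkim.org; s=list;\r\n\t"
    " i=opendkim-users@lists.opendkim.org; h=from:list-id; bh=...; b=...",
    "v=1; a=rsa-sha256; d=forwarder.example; s=fwd; h=from; bh=...; b=...",
    "v=1; a=rsa-sha256; d=forwarder.example; s=fwd;"
    " i=opendkim-users@lists.opendkim.org; h=from; bh=...; b=...",
]

if __name__ == "__main__":
    for sig in SAMPLES:
        print(classify(sig, LIST_IDENTITY), "<-", parse_tags(sig).get("d"))
```

The third sample shows why the d= check matters: a forwarder cannot claim the list's identity in "i=" under its own signing domain, because RFC 6376 requires the "i=" domain to be d= or a subdomain of it.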
