Re: opendkim 2.1.3 and signing subdomains

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Fri, 27 Aug 2010 13:21:39 -0700 (PDT)

On Fri, 27 Aug 2010, Richard Rognlie wrote:
>>> And those signatures happily verify
>>
>> That part's a bit odd. What software is doing the verifying?
>
> OpenDKIM 2.1.3

I'll try to simulate this manually sometime this weekend or Monday to
reproduce what you're seeing.

>>> I see mention of something in SignatureTable about the i= clause, but
>>> for the life of me I can't parse what it's saying, nor can I find an
>>> example anywhere...
>>>
>>> values in this data set should include one field that refers
>>> to a name found in the KeyTable (see above) that identifies
>>> which key should be used in generating the signature, and an
>>> optional second field naming the signer of the message that will
>>> be included in the "i=" tag in the generated signature.
>>
>> So the SignatureTable might look like:
>>
>> *@gamerz.net testdkim:opendkim@gamerz.net
>>
>> ...and you'd always have "i=opendkim@gamerz.net" in your signatures.
>
> which is not the domain I want as the i= clause. I want i= to be
> the sender. (which in the above case, is @gamerz.net,
> but in the *@*.gamerz.net case is @mumble.gamerz.net)

So you'd want something like:

*@*.gamerz.net testdkim:@%

...where "%" is replaced by the domain name portion of the thing that
matched "*@*.gamerz.net", correct?

>> The feature isn't actually available in 2.1.3. It's available in 2.2.0.
>> What documentation are you reading?
>
> I thought 2.1.3 (since that's the only version available from the download
> page on sourceforge)

Right, but that documentation doesn't mention the sender selection
feature.

> I ass-u-me-d that http://www.opendkim.org/opendkim.conf.5.html would be
> the same. There's no indication on that page which version it refers
> to.

That stuff is pulled from the development head. There were reasons for
doing this but I imagine they weren't very good ones because I've since
forgotten them. I've changed it to pull from the current release branch
instead.

-MSK
Received on Fri Aug 27 2010 - 20:22:02 PST
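
The "%" substitution proposed in the message above, sketched as an added example; it is not part of the original message and is not OpenDKIM's code. It assumes fnmatch-style wildcards, first-match-wins ordering, and that the key named testdkim signs with d=gamerz.net; the sender addresses are constructed.

```python
import fnmatch

# Constructed rows: (sender pattern, KeyTable name, signer template for i=).
SIGNATURE_TABLE = [
    ("*@gamerz.net", "testdkim", "opendkim@gamerz.net"),
    ("*@*.gamerz.net", "testdkim", "@%"),
]

# Assumption: the key named "testdkim" signs with d=gamerz.net.
KEY_DOMAINS = {"testdkim": "gamerz.net"}


def select_signature(sender):
    """Return (key name, d= domain, i= value) for the first matching row.

    Returns None when no row matches, i.e. the message is left unsigned.
    """
    sender = sender.lower()  # lower-cased for matching only
    local, sep, domain = sender.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an address: {sender!r}")
    for pattern, key, template in SIGNATURE_TABLE:
        if not fnmatch.fnmatchcase(sender, pattern):
            continue
        d_domain = KEY_DOMAINS[key]
        # "%" stands for the domain part of the address that matched.
        identity = template.replace("%", domain)
        i_domain = identity.rpartition("@")[2]
        # DKIM requires the i= domain to be d= itself or a subdomain of it.
        if i_domain != d_domain and not i_domain.endswith("." + d_domain):
            raise ValueError(f"i={identity} is outside d={d_domain}")
        return key, d_domain, identity
    return None


if __name__ == "__main__":
    for addr in ("alice@gamerz.net", "bob@mumble.gamerz.net", "bob@example.org"):
        print(addr, "->", select_signature(addr))
```

A lookalike such as bob@gamerz.net.example.org matches neither row, so it is left unsigned rather than signed under gamerz.net.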