RE: Signing Table Wildcard?

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Sun, 28 Aug 2011 21:01:01 -0700

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Steve Jenkins
> Sent: Sunday, August 28, 2011 4:36 PM
> To: opendkim-users_at_lists.opendkim.org
> Subject: Signing Table Wildcard?
>
> I've been testing a new OpenDKIM setup on a server, and my
> SigningTable looks like this:
>
> *_at_example.com default._domainkey.example.com
>
> If I send mail with that SigningTable, I get:
>
> Aug 28 16:22:35 monkey opendkim[13167]: (unknown-jobid): no signing
> table match for 'steve_at_example.com'
> Aug 28 16:22:35 monkey opendkim[13167]: 09E1E1570064: no signature data
>
> But if I change the SigningTable to:
>
> * default._domainkey.example.com
>
> and make no other changes, and then restart OpenDKIM, it works:
>
> Aug 28 16:25:36 monkey opendkim[13382]: A3D0B1570064: DKIM-Signature
> header added (s=default, d=example.com)
>
> I must have something else set wrong, otherwise this would totally
> defeat the purpose of a signing table. I totally have this working
> with the *_at_example.com wild card on my personal mail server for a few
> different domains. Any ideas?

SigningTable doesn't check for "*_at_example.com". The order is:

steve_at_example.com
example.com
steve_at_.com
.com
steve_at_*
*

See the opendkim.conf(5) man page under "SigningTable".

-MSK
Received on Mon Aug 29 2011 - 04:01:09 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:19 PST