Internal and External Hosts

From: Nikolaos Milas <nmilas_at_noa.gr>
Date: Tue, 06 Dec 2011 21:04:34 +0200

Hello,

We are planning the deployment of DKIM signatures using OpenDKIM on
Centos 5.7. On the same box we have one Outgoing (SMTP) mail server
(Postfix) which serves internal clients (on the LAN) and external
(outside of the organizational LAN) SASL-authenticated clients. We want
to sign mail messages by clients when they send mail using addresses of
the form: *_at_example.com, *_at_department1.example.com,
*_at_department2.example.com, ...

I would like to ask: In order to sign correctly outgoing mail for all
our clients, is it sufficient to declare 127.0.0.1 as InternalHosts? In
other words, the opendkim.conf "InternalHosts" setting applies to mail
clients (local or SASL-authenticated), or in fact only 127.0.0.1 is an
"InternalHost" since only 127.0.0.1 is actually sending mail?

In essence, what exactly is really matched by OpenDKIM against
InternalHosts entries (i.e. what is happening behind the scene)?

So, if:

    ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
    InternalHosts refile:/etc/opendkim/TrustedHosts

then /etc/opendkim/TrustedHosts should be:

    127.0.0.1
    department1.example.com
    department2.example.com
    ...
    example.com

or just:

    127.0.0.1

??

Thanks,
Nick
Received on Tue Dec 06 2011 - 19:04:48 PST