RE: key file permissions and other questions

From: Max Flodén <max.floden_at_xstech.se>
Date: Wed, 29 Feb 2012 13:03:06 +0100

Thanks Andreas and Murray for quick replies!

Re (3) the packaging of latest version, I found this page and have sent email to the maintainer, asking if he will package the latest release.
http://packages.debian.org/stable/mail/opendkim

Unfortunately I think it would be too much googling and trial and error for me to try to compile sources and install myself.


-----Original Message-----
From: Murray S. Kucherawy [mailto:msk_at_cloudmark.com]
Sent: den 28 februari 2012 17:31
To: Max Flodén; opendkim-users_at_lists.opendkim.org
Subject: RE: key file permissions and other questions

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Max Flodén
> Sent: Tuesday, February 28, 2012 4:06 AM
> To: opendkim-users_at_lists.opendkim.org
> Subject: key file permissions and other questions
>
> 1. It took me a long time to finally get opendkim to work until I found
> that the problem was that opendkim could not read the key file
> default.private. It was chmod 600 but when I changed to chmod 644 it
> started working. However I am a bit concerned about security doing this
> as this means the private key is readable for all with system access,
> right?

It really depends on the ownership and permission of the directory of the file containing the keys, and all the directories above that. You just need to arrange that the user running the opendkim filter has read access to the keys. The filesystem arrangement you select based on that indicates whether it's generally secure or not.

Common practice these days appears to be to create a new userid for every daemon and let it own those files. You could do that, or do something similar with a group and give the group read access to the key.

> 2. I read somewhere (on this list I think, could not find it now) that
> domain name is not case sensitive when matching against the
> SigningTable but in my case this does not seem true. Is there a way I
> can get my SigningTable to match domain in a case insensitive manner?
> Eg. If I put "mydomain.com" in SigningTable then email from
> "info_at_MyDomain.com" will result in "no signing table match", but if I
> change it to "MyDomain.com" in SigningTable it will work.

There were numerous case sensitivity bug fixes recently, in 2.3.1, 2.3.0, and 2.2.1. If you're running 2.0.1, you don't have these fixes yet.

> 3. I see that the latest version of opendkim is 2.4.3 and 2.5 soon to
> be released. However the version I get when doing "apt-get install
> opendkim" in Debian is version 2.0.1.
> How does this process work, how do I get the latest version on Debian?

No idea, I'm afraid, though it looks like someone else has answered. But building from source isn't a difficult thing (I hope!).

-MSK
Received on Wed Feb 29 2012 - 12:03:22 PST
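
Added example, not part of the original thread or of OpenDKIM: a Python sketch of the point made in the reply to question 1, that whether a key file is exposed depends on its own mode and on every directory above it. The function names, the `top` parameter and the command-line arguments are assumptions made for this illustration; ACLs and root's permission bypass are ignored.

```python
import os
import stat

def _components(path, top="/"):
    """Yield each directory below `top` on the way to `path`, then `path` itself."""
    path, top = os.path.realpath(path), os.path.realpath(top)
    rel = os.path.relpath(path, top)
    if rel.startswith(".."):
        raise ValueError("path is not below top")
    current = top
    for part in rel.split(os.sep):
        current = os.path.join(current, part)
        yield current

def _allowed(st, uid, gids, want):
    """Classic Unix check: use owner, group or other bits; want is 4 (read) or 1 (search)."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)

def user_can_read(path, uid, gids, top="/"):
    """True if this uid/gid set can search every directory below `top` and read the file."""
    parts = list(_components(path, top))
    for directory in parts[:-1]:
        if not _allowed(os.stat(directory), uid, gids, 1):
            return False
    return _allowed(os.stat(parts[-1]), uid, gids, 4)

def world_can_read(path, top="/"):
    """True only if the file is o+r AND every directory below `top` is o+x."""
    parts = list(_components(path, top))
    dirs_open = all(os.stat(d).st_mode & stat.S_IXOTH for d in parts[:-1])
    return bool(dirs_open and os.stat(parts[-1]).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed usage: script.py <path to default.private> <account the filter runs as>
    key, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    print("daemon can read key:", user_can_read(key, pw.pw_uid, gids))
    print("other users can read key:", world_can_read(key))
```

A key that is mode 644 inside a directory that is mode 700 and owned by the daemon's account reports False for other users, while the same file under a 755 directory reports True.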
