Hello,
the documentation of of opendkim.conf(5) for Mode is written, that it
has to be either "s"(open dkim only signs messages), "v" (opendkim only
verifies messages) or "sv" (both verify and sign). In my configuration
I have several MTAs connected to the same opendkim, and a setup.lua,
which takes different actions based on {daemon_name}: sometimes it only
signs messages, sometimes opendkim only verifies messages and sometimes
opendkim shall both sign and verify the messages. To my understanding
the setup.lua script should be something like:
local mtaname = odkim.get_mtasymbol(ctx, "{daemon_name}")
if mtaname == "sm-80" then
odkim.sign(ctx, "aegee")
odkim.verify(ctx)
elseif mtaname == "sm-localhost" then
odkim.sign(ctx, "aegee")
else
odkim.verify(ctx)
end
return nil
Okay, now what role has the switch "Mode" in the configuration file for
opendkim, when the logic of singing/verifying is solely in the setup.lua
file?
I had problems with setup.lua, when it makes both explicitly verify and
sign actions, but I am not 100% sure, that making sign and verify at the
same time is the reason. In the provided opendkim/setup.lua.sample
file, the action is either only sign or only verify, but why is it not
possible to do sometimes only one of the actions, sometimes both (for an
email, that is supposed to be forwarded to another server). The milter
log reported me "Broken pipe" and I was not able to check it deeper.
Moreover I found in the documentation of libopendkim:dkim_getsighdr_d
(called from opendkim.c) that it is not possible to make verify and
dkim_getsighdr_d with the same context.
Finally, the documentation of KeyTable says, that it is possible to
write as third value either the file, where the key is stored, or the
key itself. If I have a key in the format:
-----BEGIN RSA PRIVATE KEY-----
ABC1
EFG2
-----END RSA PRIVATE KEY-----
Provided that I want to put as third value in a KeyTable the above key,
and not the file containing the key, how shall I format the KeyTable file:
A mydomain.org:L1024:-----BEGIN RSA PRIVATE
KEY-----\nABC1\nEFG2\n-----END RSA PRIVATE KEY----- or
A mydomain.org:L1024:ABC1\nEFG2 or
A mydomain.org:L1024:ABC1EFG2 or in a different way? In anycase, adding
a test under opendkim/tests, where the key is described withing the
KeyTable would allow first to see an example how it works (, and second
to test if it works).
Thanks in advance for your feedback
Дилян
Received on Sun Apr 01 2012 - 19:10:47 PST