Just some general questions after reading the documentation. To note, I am
only doing signing with OpenDKIM, not verification.
I'm writing a utility right now that basically takes a domain, and one of 4
actions: add, update, query, or remove.
Add seems straightforward (add the data for a domain that has no data).
Update leads me to the following questions:
Is there ever a time someone would want to re-generate the keys for a
domain? If they do, should they use the same Selector as they had
previously, or should they use a new one?
Query just returns the data stored in LDAP for the domain.
Remove removes the DKIM data for the domain from LDAP. However, is that
valid? What kind of trouble may ensue if that occurs? ;)
Also, this following will come in a separate email once our new mtas have
their firewall rules updated, but that may take a few days, so:
Is there any reason not to use a guaranteed UUID for the SELECTOR with
dkim, something like:
9d624885-08e6-4ebf-bc0f-532b0d9f4060
I ask because we have clients that literally have hundreds or thousands of
domains. Having them try and pick a selector for each domain, rather than
generating it programmatically with a UUID seems like it would be a major
headache to manage.
My DKIM keys & selector bits will be stored in LDAP, so it's easy to do
this for every domain.
Thanks,
Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Received on Thu May 03 2012 - 19:46:50 PST