Re: how to setup opendkim for signing all outgoing mails

From: SM <sm_at_resistor.net>
Date: Tue, 08 May 2012 03:00:40 -0700

Hi Matthias,
At 02:16 08-05-2012, Matthias Weiss wrote:
>We are running a website that also has a blogging feature. A reader can
>contact the author via a webform where he/she can enter his/her
>email address,
>specify a subject and write a message body. When they click on the "send"
>button the website generates an email and sends it via the postfix MTA.
>
>So we have the situation where the generated emails have different "From"
>entries, always the same envelope "MAIL FROM" and always the same "Sender"
>address entry. We also want to sign *all* of our mails with opendkim.

You could use the IdentityHeader setting.

>The problem is - I haven't found a configuration setup with opendkim that
>allowes us to sign all mails with the key of our domain when the "From"
>address is not from our domain.
>A solution is using the "SenderHeaders csl:Sender"
>configuration but I'm
>little bit concerned that if we have an error in our website
>configuration and
>the "Sender" field isn't set than we're sending unsigned emails.

SenderHeaders is used for DKIM verification

>Can anyone suggest a solution where all of our mails are always signed with
>our domain key?

If there is an error in your website configuration, you could enforce
policy checks to prevent such messages from being sent out. You can
also use a wildcard to sign everything. That should match any domain
in the "From:" header field.

Regards,
-sm
Received on Tue May 08 2012 - 10:00:57 PST