> On Mon, 18 Jun 2012, Murray S. Kucherawy wrote:
> > The "*" notation in SignHeaders was only added in OpenDKIM 2.3.0.
> > That's probably the cause for the error you're getting. I'll
> > double-check that later today.
>
> I downloaded 2.0.1 and tried your configuration against it, and yes
> indeed, the "*" feature wasn't supported back then and causes a processing
> error when trying to configure libopendkim to do what you're after.
>
> You can do it with 2.0.1, but you have to set SignHeaders to list all of
> the header fields you want to sign, including yours but also including all
> the other suggested ones. It's kind of a big list (see RFC6376 Section
> 5.4.1). Without the "*" feature, you need to replace the built-in list
> with a complete list, which means you have to copy the default list by
> hand.
>
> So much has been added and/or fixed since then though that upgrading
> really is a very good idea.
Taken from dkim.c v2.0.1:
/* recommended list of headers to sign, from RFC4871 section 5.5 */
const u_char *dkim_should_signhdrs[] =
{
"from",
"sender",
"reply-to",
"subject",
"date",
"message-id",
"to",
"cc",
"mime-version",
"content-type",
"content-transfer-encoding",
"content-id",
"content-description",
"resent-date",
"resent-from",
"resent-sender",
"resent-to",
"resent-cc",
"resent-message-id",
"in-reply-to",
"references",
"list-id",
"list-help",
"list-unsubscribe",
"list-subscribe",
"list-post",
"list-owner",
"list-archive",
NULL
};
I would use/list all these headers for the SignHeaders option plus my header.
Ok?
--
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Received on Mon Jun 18 2012 - 21:52:45 PST