Re: AlwaysSignHeaders results in "fail"

From: <lutz.niederer_at_gmx.net>
Date: Mon, 18 Jun 2012 23:52:29 +0200

> On Mon, 18 Jun 2012, Murray S. Kucherawy wrote:
> > The "*" notation in SignHeaders was only added in OpenDKIM 2.3.0.
> > That's probably the cause for the error you're getting. I'll
> > double-check that later today.
>
> I downloaded 2.0.1 and tried your configuration against it, and yes
> indeed, the "*" feature wasn't supported back then and causes a processing
> error when trying to configure libopendkim to do what you're after.
>
> You can do it with 2.0.1, but you have to set SignHeaders to list all of
> the header fields you want to sign, including yours but also including all
> the other suggested ones. It's kind of a big list (see RFC6376 Section
> 5.4.1). Without the "*" feature, you need to replace the built-in list
> with a complete list, which means you have to copy the default list by
> hand.
>
> So much has been added and/or fixed since then though that upgrading
> really is a very good idea.

Taken from dkim.c v2.0.1:

/* recommended list of headers to sign, from RFC4871 section 5.5 */
const u_char *dkim_should_signhdrs[] =
{
        "from",
        "sender",
        "reply-to",
        "subject",
        "date",
        "message-id",
        "to",
        "cc",
        "mime-version",
        "content-type",
        "content-transfer-encoding",
        "content-id",
        "content-description",
        "resent-date",
        "resent-from",
        "resent-sender",
        "resent-to",
        "resent-cc",
        "resent-message-id",
        "in-reply-to",
        "references",
        "list-id",
        "list-help",
        "list-unsubscribe",
        "list-subscribe",
        "list-post",
        "list-owner",
        "list-archive",
        NULL
};

I would use/list all these headers for the SignHeaders option plus my header.
Ok?




-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Received on Mon Jun 18 2012 - 21:52:45 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:40 PST