"Murray S. Kucherawy" <msk_at_blackops.org> writes:
> On Fri, 26 Oct 2012, Micah Anderson wrote:
>> The main one I'm puzzled by is the results I got from some of the
>> auto-responder test addresses. I see that the dkim test is failing
>> because they are looking for the DNS entry for
>> _domainkey.hostname.example.com when I was expecting them to simply look
>> for _domainkey.example.com. I can get around that by adding DNS TXT
>> entries for the hostname (and its alias), but is there a configuration
>> option I can set to request that remote sites don't check the hostname
>> portion?
>
> The query is based on the signing domain, which is the "d=" part of the
> signature. So you need to arrange that the "d=" is example.com, not
> hostname.example.com.
Ok.
> Can you attach your configuration file(s)?
I put in the opendkim.conf the following:
Domain example.com, hostname.example.com
because I wanted to make sure that mail from either would get signed if
it came through the system. It appears that both happen, so in order to
get that to work, I need to have that config, as well as the additional
DNS entries.
micah
--
Received on Mon Nov 05 2012 - 00:00:40 PST