Re: should the opendkim milter be first or last in the smtpd milters?

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Fri, 18 Jan 2013 12:34:07 -0800 (PST)

On Fri, 18 Jan 2013, Tracy Wise wrote:
> Should I add the opendkim milter before the existing Plesk milter, or
> after it?

This is tricky. What the signer signs and what the verifier verifies need
to be the same, so ideally opendkim is the last one on outbound mail and
the first one on inbound mail. If the Plesk filter doesn't alter the body
or any important header fields, it doesn't matter, however.

The safest thing to do would be to run two instances of opendkim, one
signing only and one verifying only, and the have the order be:

         opendkim-verify
         Plesk
         opendkim-sign

If you only want to run one instance, and if Plesk doesn't alter critical
parts of the header or any part of the body, then the order probably
doesn't matter.

-MSK
Received on Fri Jan 18 2013 - 20:34:24 PST

This archive was generated by hypermail 2.3.0 : Fri Jan 18 2013 - 20:36:01 PST