Re: Logging by default

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Fri, 22 Feb 2013 00:18:28 -0500

On Thursday, February 21, 2013 04:33:56 PM Murray S. Kucherawy wrote:
> On Thu, 21 Feb 2013, Scott Kitterman wrote:
> > Why isn't it ignored by default? The output of DKIM verification is
> > verified/not verified and a domain. Logging a perfectly normal thing
> > like this by default seems excessive.
>
> Since at the time it was considered a security issue, off-by-default
> didn't make sense.

It seems to me the only potential security issue is if it got signed by
mistake (which you can't tell from the log message, but I think if opendkim
got confused about whether it was external and signed it, this wouldn't get
logged).

I've always found what got logged and what didn't very odd.

I completely agree with what Daniel Black said. The logs are not primarily
for troubleshooting opendkim (I can turn on debug logging for that); they are
for trying to understand what went wrong in the mail system in a more global
sense. For that, logging verification results is extremely useful.

Scott K
Received on Fri Feb 22 2013 - 05:18:42 PST
