Re: Selectively signing outbound email

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Thu, 11 Jul 2013 11:09:30 -0700 (PDT)

On Thu, 11 Jul 2013, Sridhar Kakkillaya wrote:
> We are a relay service and send mails on behalf of various customers. We
> have a situation where we have to selectively sign outbound emails. Is
> it possible to sign messages only when the DKIM public key is found in
> the original sender's DNS? Or are there any other workarounds to this?

That's an interesting one. You need the name of the domain and the name
of the selector for which to check, and you would also need to have the
private key in order to be able to generate a signature that matches the
public key.

Assuming you have those, I suspect you could use one of the Lua hooks to
do the DNS query to see if the key exists, and then make the signing
request if it's there.

Lua doesn't have DNS built in, but there's a Lua extension library adding
DNS client services available for download at
http://ztact.com/software/dns.lua. I have not used it so I've no idea how
good it is.

Hope that helps!

-MSK
Received on Thu Jul 11 2013 - 18:09:49 PST
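
The check suggested in the reply above, sketched as an added example that is not part of the original message and is not OpenDKIM code. It is written in Python rather than as a Lua hook. The `lookup_txt` callback, the `relay1` selector, the `customer-*.example` domains and the key bytes are constructed assumptions standing in for a real DNS client and real keys.

```python
import base64
import binascii

# Constructed sample data: placeholder bytes, not a real RSA public key.
OUR_KEY = base64.b64encode(b"constructed-public-key-A").decode()
ZONE = {
    "relay1._domainkey.customer-a.example": ["v=DKIM1; k=rsa; p=" + OUR_KEY],
    "relay1._domainkey.customer-c.example": ["v=DKIM1; k=rsa; p="],
}

def lookup_sample(name):
    """Hypothetical offline resolver: TXT strings for name, or []."""
    return ZONE.get(name, [])

def parse_dkim_key_record(txt):
    """Parse an RFC 6376 key record ("tag=value; ...") into a dict."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Whitespace inside a value (notably a folded p=) is not significant.
            tags[name.strip()] = "".join(value.split())
    return tags

def should_sign(domain, selector, our_pubkey_b64, lookup_txt):
    """Return (decision, reason) for signing as selector._domainkey.domain."""
    name = "%s._domainkey.%s" % (selector, domain)
    records = lookup_txt(name)
    if not records:
        return False, "no key record at " + name
    for txt in records:
        tags = parse_dkim_key_record(txt)
        if tags.get("v", "DKIM1") != "DKIM1":
            continue  # v= is optional, but any other value is not a DKIM key
        p = tags.get("p")
        if p is None:
            continue  # p= is required in a key record
        if p == "":
            return False, "key revoked (empty p=)"
        try:
            published = base64.b64decode(p, validate=True)
        except (binascii.Error, ValueError):
            return False, "malformed p= value"
        if published == base64.b64decode(our_pubkey_b64):
            return True, "published key matches our signing key"
        return False, "published key differs from our signing key"
    return False, "no usable key record at " + name
```

Comparing the published `p=` value with the public half of the relay's own key covers the second condition in the reply: a key record that exists but belongs to a different key pair would still produce signatures that fail verification.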
