On 2/7/2014 9:40 AM, SM wrote:
> Hi Michael,
> At 14:17 04-02-2014, Michael McCallister wrote:
>> I am deploying 3 mail servers for purposes of forwarding email. They
>> only forward (i.e. account1_at_example.com -> account2_at_otherexample.com
>> etc.). No end-users will send mail directly through these servers
>> (not relays). Does DKIM serve any signing role in this case? After
>> reading briefly into DKIM, it sounds as if signing should really be
>> done at the relay where the mail server would conceivably know
>> something about the sender. Based on my understanding of DKIM, I
>> should not bother signing emails on these forwarding servers. Is
>> that a correct conclusion? In case it matters at all, I am using SRS
>> (http://www.libsrs2.org/).
>
> It is worth DKIM-signing the message as it may make it easier for the
> receiver to identify the administrative domain forwarding the message.
>
> Regards,
> -sm
Thanks!
I tried doing so as a result of this advice, but opendkim wants to sign
using the domain in the From header. Therefore, I have to somehow force
it to sign all emails using a specified key (not using From). Two
questions then: 1) how does one do this with opendkim (i.e. force a
specific key regardless of From) and 2) and are you sure recipient MTAs
will be ok with this handling (i.e. not signing with domain in From
header - or do they just check the dkim headers for fetching the domain)?
Michael
Received on Sat Feb 08 2014 - 16:40:47 PST