Re: Should I use DKIM to sign messages?

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sun, 9 Feb 2014 00:25:29 -0800 (PST)

On Sat, 8 Feb 2014, Michael McCallister wrote:
> I tried doing so as a result of this advice, but opendkim wants to sign
> using the domain in the From header. Therefore, I have to somehow force
> it to sign all emails using a specified key (not using From). Two
> questions then: 1) how does one do this with opendkim (i.e. force a
> specific key regardless of From) and 2) and are you sure recipient MTAs
> will be ok with this handling (i.e. not signing with domain in From
> header - or do they just check the dkim headers for fetching the
> domain)?

OpenDKIM can sign on any criteria you like and with any selector/domain
you like. SM suggested you use a SigningTable entry of "*", which is
exactly right for your (1) above, and for (2) pretty much all recipient
MTAs know by now that the signing domain doesn't have to match anything in
the message for basic DKIM operation.

-MSK
Received on Sun Feb 09 2014 - 08:25:50 PST

This archive was generated by hypermail 2.3.0 : Sun Feb 09 2014 - 08:36:01 PST