SigningTable fetched from MySQL with dsn: feature problem

From: Julien PLÉE <j.plee_at_eveil.fr>
Date: Tue, 3 Jun 2014 10:37:02 +0200

Hi all,

I have a MySQL database supporting configuration of my mail system (ubuntu+postfix+dovecot).
I tuned the mail accounts management (Postfix Admin v2.3.5) to feed the domain table with DKIM signatures when I declare a new one. So I use the DSN feature of OpenDKIM to fetch all the keys.

This is the suggested and working configuration :

SigningTable dsn:mysql://<user>:<pswd>_at_<host>/<db>/table=domain?keycol=domain?datacol=domain
KeyTable dsn:mysql://<user>:<pswd>_at_<host>/<db>/table=domain?keycol=domain?datacol=domain,selector,private_key

The problem of my specific case comes up since my account manager automatically declares a factice domain named « ALL ». Consequently this domain has no DKIM data and this really troubles OpenDKIM which won’t even initialize.
In the past days, I resolved this situation by adding a filter to the DSN :

SigningTable dsn:mysql://<user>:<pswd>_at_<host>/<db>/table=domain?keycol=domain?datacol=domain?filter='`private_key` NOT LIKE ""'
KeyTable dsn:mysql://<user>:<pswd>_at_<host>/<db>/table=domain?keycol=domain?datacol=domain,selector,private_key

This prevented OpenDKIM to prefetch unsupported domains.

Unfortunately, after a system upgrade from Ubuntu 13.10 to 14.04, this support has been broken and OpenDKIM (now v2.9.1-1) fails to initiate and run again.

In my SQL logs, I can see that « filter » is not applied to SigningTable :
SELECT domain,domain FROM domain
SELECT domain,selector,private_key FROM domain WHERE domain = 'ALL'

Then I tried to add the same filter sequence to the KeyTable string and this shows up in the logs (but this is not where I want it applied…) :
SELECT domain,domain FROM domain
SELECT domain,selector,private_key FROM domain WHERE domain = 'ALL' AND '`private_key` NOT LIKE ""'

I sure could trick the whole think by pretending ALL is a valid domain with DKIM data but this is truly ugly.

I couldn’t find enough sources to perfectly know how the DSN thing works and it’s been a pain to make it work in the first place. Now I’m totally confused.
Does any body has enough knowledge to help me restore the attended behavior ?

Thank you for your help

Julien P.
Received on Tue Jun 03 2014 - 08:36:56 PST

This archive was generated by hypermail 2.3.0 : Tue Jun 03 2014 - 08:45:00 PST