Re: proper syntax for SenderHeaders in opendkim.conf

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Thu, 29 Jan 2015 23:37:04 -0800 (PST)

On Thu, 29 Jan 2015, patpro_at_patpro.net wrote:
> I don't. I want to sign everything going out, but with basic settings,
> OpenDKIM refuses to sign emails with a From that is not in my own
> domain. That's why I applied settings described in opendkim README in
> the first place (signature based on Sender header).
>
> Content of my SigningTable is the following:
>
> *_at_patpro.net patpro._domainkey.patpro.net
>
> but it yields to this kind of result for email sent by the list server:
>
> ... opendkim[50990]: 6DF13F81: no signing table match for 'a-subscriber_at_gmail.com'
> ... opendkim[50990]: 6DF13F81: s=20120113 d=gmail.com SSL error:04077068:rsa routines:RSA_verify:bad signature
> ... opendkim[50990]: 6DF13F81: bad signature data
>
> Which is obviously right, according to my SigningTable. Am I supposed to
> sign "*" ? ("bad signature" is triggered by the list server tempering
> with subject and body, I'm aware of the issue, and it's going to be
> fixed)

Yes, you can just sign "*" if you want to sign everything passing through
your server.

-MSK
Received on Fri Jan 30 2015 - 07:37:41 PST

This archive was generated by hypermail 2.3.0 : Fri Jan 30 2015 - 07:45:01 PST