Re: "Intermediate" OpenDKIM default configuration options feedback

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Thu, 30 Apr 2015 20:06:01 -0400

On Thursday, April 30, 2015 03:54:31 PM Steve Jenkins wrote:
> As 2.10.2 gets closer, I'm taking this opportunity to look at the default
> config file that my RedHat package writes out when it installs opendkim.
>
> I've stored a copy of the default config file here:
>
> https://github.com/stevejenkins/OpenDKIM-Fedora/blob/develop/OTHER/opendkim.
> conf
>
> This is intended to be an "intermediate" config file -- more advanced that
> the "simple" one in the docs dir, but not exhaustive like the "sample" one
> in the docs dir. This file should make available the most likely options
> for most intermediate users.
>
> I'd appreciate any feedback regarding options that you think should be
> there (even if they're commented out) or shouldn't be there.
>
> One requirement for the default config file is that it should allow
> opendkim to start without being touched (which is why the default Mode is
> "v," as it allows the signing options to be ignored).
>
> Thanks in advance!

Here's one I use in the Debian default config file that you don't have:

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From

I do recommend this.

Scott K
Received on Fri May 01 2015 - 00:06:14 PST

This archive was generated by hypermail 2.3.0 : Fri May 01 2015 - 00:09:02 PST