Re: "Intermediate" OpenDKIM default configuration options feedback

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Steve Jenkins <steve_at_stevejenkins.com>
Date: Thu, 30 Apr 2015 20:36:13 -0700

On Thu, Apr 30, 2015 at 5:06 PM, Scott Kitterman <ietf-dkim_at_kitterman.com>
wrote:

> Here's one I use in the Debian default config file that you don't have:
>
> # Always oversign From (sign using actual From and a null From to prevent
> # malicious signatures header fields (From and/or others) between the
> signer
> # and the verifier. From is oversigned by default in the Debian pacakge
> # because it is often the identity key used by reputation systems and thus
> # somewhat security sensitive.
> OversignHeaders From
>
> I do recommend this.

Thanks, Scott. Excellent suggestion. I've added it to the Fedora pkg and
made only two changes: Debian -> Fedora and pacakge -> package.

I make that typo ALL the time, too. :)

Thank you!

SteveJ
Received on Fri May 01 2015 - 03:36:29 PST

This archive was generated by hypermail 2.3.0 : Fri May 01 2015 - 03:45:02 PST