Re: Only signing when listed in TrustedHosts AND authenticated

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sat, 26 Sep 2015 23:24:18 -0700 (PDT)

On Tue, 14 Jul 2015, Aaron Paetznick wrote:
> I would like to be able to configure OpenDKIM to only sign email that is
> listed in the TrustedHosts AND authenticated AND encrypted, or at least just
> listed in TrustedHosts AND authenticated. Reading through the documentation
> and also doing some testing, I believe OpenDKIM is currently signing any
> email listed in TrustedHosts OR is authenticated. Basically, I would prefer
> to not automatically sign authenticated email unless ALL conditions are met,
> not ANY. I have been experimenting with the Mode and MacroList options in
> opendkim.conf, but I have not been successful in disabling signing for
> authenticated users. BTW, I would like to see several examples of valid
> syntax for these options to better understand how they're intended to be
> used.
>
> Any thoughts or working examples from others in similar situations would be
> very much appreciated.

Sorry for the slow answer. I've been basically away from the project for
the summer but I'm trying to get caught up.

I agree with Andreas' suggestion. This kind of configuration requirement
is almost certainly attainable via the Lua interfaces. Check the
opendkim-lua(3) man page that's part of the package to figure out what the
script has to look like, and then opendkim.conf(5) to configure the filter
to use your scripts. Hopefully the version you have installed includes
Lua support; check with "opendkim -V".

-MSK
Received on Sun Sep 27 2015 - 06:24:41 PST