Re: Using KeyTable, or not?

From: Alessandro Vesely <>
Date: Fri, 21 May 2010 10:19:29 +0200

On 20/May/10 21:06, Todd Lyons wrote:
> What obvious thing(s) am I missing? What does opendkim need different
> in this configuration for it to sign emails submitted to a mailman
> mailing list? And what does opendkim need different in this
> configuration for it to start when I tell it to use KeyTable? I
> suspect I need to somehow incorporate the SigningTable function, but
> the description of that does not make sense to me yet.

List signatures have to be different from regular MSA ones. One may
set up a list-dedicated server. Alternatively, isn't it feasible to
sign messages using a script, i.e. before queuing them? It could be
done with the opendkim binary, using commands similar to the ones in
its test suite. Actually, I only use the opendkim library, and don't
have mailman, so please accept my apologies if my suggestion doesn't
make sense on your server.

I'd go for using the "i=" tag with the List-ID value. For this list,
for example, it would be "". Such
convention would allow a verifier to distinguish an original /List
Domain Signature/ from those added by forwarders, if any.
Received on Fri May 21 2010 - 08:19:38 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:47 PST